This bug was fixed in the package xdg-utils - 1.1.3-1ubuntu1
---------------
xdg-utils (1.1.3-1ubuntu1) cosmic; urgency=low
* Merge from Debian Sid (LP: #1779529). Remaining changes:
- Add debian/xdg-utils.links:
+ Symlink /usr/bin/xdg-open to /usr/bin/browse (LP: #1624022)
* Drop lp779156-lubuntu.diff:
- Lubuntu no longer uses LXDE and Sylpheed.
* Drop CVE-2017-18266*.patch:
- The fixes were applied upstream.
* Drop proper-lxqt-handling.patch:
- Proper LXQt support was merged upstream.
xdg-utils (1.1.3-1) unstable; urgency=medium
* New upstream release.
- Avoid argument injection vulnerability in open_envvar.
Fixes CVE-2017-18266, closes: #898317.
* Remove 01-open-lxqt.patch applied by upstream.
* Fix word expansion on KDE in xdg-email. Closes: #898999.
* Bump debhelper and standards version, no modifications for this.
xdg-utils (1.1.2-2) unstable; urgency=medium
* Update Vcs for salsa.debian.org.
* 01-open-lxqt.patch: Fix support in LXQt, which isn't the same as LXDE.
Closes: #884436.
-- Simon Quigley <[email protected]> Sun, 01 Jul 2018 01:59:06 -0500
** Changed in: xdg-utils (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18266
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1779529
Title:
Please merge 1.1.3-1 from Debian Sid
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-utils/+bug/1779529/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
