git: 2d7a11dac84a - main - security/vuxml: Document XFCE libexo vulnerability.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 11 Jun 2022 08:07:40 UTC
The branch main has been updated by madpilot:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2d7a11dac84a683d85a1bc7df561f91506fac922
commit 2d7a11dac84a683d85a1bc7df561f91506fac922
Author: Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2022-06-11 08:06:56 +0000
Commit: Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2022-06-11 08:06:56 +0000
security/vuxml: Document XFCE libexo vulnerability.
---
security/vuxml/vuln-2022.xml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 4ec14d8531fe..37fbce5754b7 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,30 @@
+ <vuln vid="55cff5d2-e95c-11ec-ae20-001999f8d30b">
+ <topic>XFCE -- Allows executing malicious .desktop files pointing to remote code</topic>
+ <affects>
+ <package>
+ <name>libexo</name>
+ <range><lt>4.16.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>XFCE Project reports:</p>
+ <blockquote cite="https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6">
+ <p>Prevent executing possibly malicious .desktop files
+ from online sources (ftp://, http:// etc.).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-32278</cvename>
+ <url>https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6</url>
+ </references>
+ <dates>
+ <discovery>2022-06-11</discovery>
+ <entry>2022-06-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b51cfaea-e919-11ec-9fba-080027240888">
<topic>py-numpy -- Missing return-value validation of the function PyArray_DescrNew</topic>
<affects>