New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SRU] Thunar CVE-2021-32563 (focal, groovy, hirsute) #6
Comments
Experimental build for focal at https://launchpad.net/~bluesabre/+archive/ubuntu/experimental |
Experimental build for groovy at https://launchpad.net/~bluesabre/+archive/ubuntu/experimental |
Experimental build for hirsute at https://launchpad.net/~bluesabre/+archive/ubuntu/experimental |
@philipzae I've got some early experimental builds for focal, groovy, and hirsute above (some are still building). Can you or the testers give them a quick test before I submit formal SRUs on Launchpad? |
@bluesabre on it. |
I was able to reproduce the issue with Xubuntu_21.04 with the experimental build. |
@JT252 Does that mean that the issue is not fixed? I'll have to take another look. |
It works as expected. It now opens thunar instead of the image with its
default image viewer.
…On Tue, Jun 8, 2021 at 9:11 PM Sean Davis ***@***.***> wrote:
@JT252 <https://github.com/JT252> Does that mean that the issue is not
fixed? I'll have to take another look.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQAC37SGH46EJVQMF6JQC4TTR25S3ANCNFSM46JTJXRQ>
.
|
@JT252 Thanks for the confirmation. I've created a public security bug on Launchpad for the CVE. |
Describe the bug(s) being fixed
CVE-2021-32563 affects Thunar versions found in supported releases. Related patches:
GitLab issues #121, #575
To Reproduce
Steps to reproduce the behavior:
thunar ~/Pictures/icon.png
Expected behavior
Thunar should instead open, selecting the file.
Desktop (please complete the following information):
Additional context
Scripts and applications depending on the previous functionality will be adversely affected. Since this functionality is specific to Thunar, this change should have minimal regression impact.
Verification
The text was updated successfully, but these errors were encountered: