Ubuntu has issued an advisory on November 26: https://ubuntu.com/security/notices/USN-4649-1 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Fixed in current cauldron with xdg-utils-1.1.3-5.mga8.
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7Source RPM: xdg-utils-1.1.3-4.mga8.src.rpm => xdg-utils-1.1.3-3.mga7CC: (none) => jani.valimaa
Pushed fixed xdg-utils-1.1.3-3.1.mga7 to core/updates_testing for mga7, please test. SRPMS/RPMS: xdg-utils-1.1.3-3.1.mga7
Assignee: bugsquad => qa-bugs
Advisory: ======================== Updated xdg-utils package fixes security vulnerability: Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information (CVE-2020-27748). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27748 https://ubuntu.com/security/notices/USN-4649-1
MGA7-64 MATE on Peaq C1011 No installation issues. This didn't draw in any dependencies. Ref bugs 21992 for tests (which is a mixed bag.....) $ xdg-open librepo.txt opens the file with Pluma: OK $ xdg-open dora.pcapng Opens the filke with wireshark OK. Listed which xdg commands are available xdg-autostart xdg-desktop-menu xdg_menu xdg-screensaver xdg-user-dirs-gtk-update xdg-dbus-proxy xdg-email xdg-mime xdg-settings xdg-user-dirs-update xdg-desktop-icon xdg-icon-resource xdg-open xdg-user-dir Picked xdg_menu and got $ xdg_menu WARNING: '/etc/xdg/kde/menus/kde-settings.menu' does not exist WARNING: '/etc/xdg/menus/kde-information.menu' does not exist WARNING: '/etc/xdg/kde/menus/kde-settings.menu' does not exist WARNING: '/etc/xdg/menus/applications-kmenuedit.menu' does not exist Unknown 'Layout': 'HASH(0xfe3db8) 0 Menuname ARRAY(0xffd0e8) 0 Menuname ARRAY(0xffd358) 0 Menuname ARRAY(0xffd238) 0 Menuname ARRAY(0xffd628) 0 Menuname ARRAY(0xffd718) 0 Menuname ARRAY(0xffd808) 0 Menuname ARRAY(0xffd8f8) 0 Menuname ARRAY(0xffd9e8) 0 Menuname ARRAY(0xffdad8) 0 Menuname ARRAY(0xffdbc8) 0 Merge ARRAY(0xffdcb8) 0 Merge ARRAY(0xffdd78) 0 Separator ARRAY(0xffddf0) 0 Filename ARRAY(0xffde98) 0 and a lot more of those. FYI: there is no kde on this notebook. Are there things missing to make this useful??? $ xdg-settings xdg-settings: no operation given Try 'xdg-settings --help' for more information. [tester7@mach6 Documents]$ xdg-settings --help xdg-settings -- get various settings from the desktop environment Synopsis xdg-settings { get | check | set } {property} [subproperty] I [value] xdg-settings { --help | --list | --manual | --version } Use 'man xdg-settings' or 'xdg-settings --manual' for additional info. No time to study this thing. Ref Len's test in bug23132 I did $ xdg-email --cc hviaene@gmail.com --subject "xdg-utils testing" --body "Can you hear me Muther?" And that indeed opened Thunderbird with the specified fields correctly filled in, ready to be sent. Similar $ xdg-open http://exoplanet.eu opened the site on a new tab in firefox From what I can see, good to go.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating update Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0446.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Blocks: (none) => 28788
Blocks: 28788 => (none)