Debian 9844 Published by

Updated pyxdg packages has been released for Debian GNU/Linux 8 LTS



Package : pyxdg
Version : 0.25-4+deb8u1
CVE ID : CVE-2019-12761
Debian Bug : #930099

It was discovered that there was a code injection issue in PyXDG, a
library used to locate "FreeDesktop.org" configuration/cache/etc.
directories.

A lack of sanitisation allowed arbitrary Python code embedded in
the Category element of a Menu XML document in a .menu file to
be executed.

For Debian 8 "Jessie", this issue has been fixed in pyxdg version
0.25-4+deb8u1.

We recommend that you upgrade your pyxdg packages.