Pyxdg Security Update for Debian 8 LTS
Posted on: 06/16/2019 05:58 PM

Updated pyxdg packages has been released for Debian GNU/Linux 8 LTS

Package : pyxdg
Version : 0.25-4+deb8u1
CVE ID : CVE-2019-12761
Debian Bug : #930099

It was discovered that there was a code injection issue in PyXDG, a
library used to locate "FreeDesktop.org" configuration/cache/etc.
directories.

A lack of sanitisation allowed arbitrary Python code embedded in
the Category element of a Menu XML document in a .menu file to
be executed.

For Debian 8 "Jessie", this issue has been fixed in pyxdg version
0.25-4+deb8u1.

We recommend that you upgrade your pyxdg packages.



Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/pyxdg_security_update_for_debian_8_lts.html)