Date: Tue, 11 May 2021 07:37:47 +0200 From: Gabriel Corona <gabriel.corona@...t-bretagne.fr> To: oss-security@...ts.openwall.com Subject: Re: Code execution through Thunar Le 09/05/2021 à 21:38, Gabriel Corona a écrit : > When called with a regular file as command line argument, Thunar > would delegate to some other program without user confirmation > based on the file type. This could be exploited to trigger code > execution in a chain of vulnerabilities. > > This is fixed in 4.16.7 and 4.17.2. When called with a regular > file, Thunar now opens the containing directory and selects the > file. > > A CVE ID has been requested. This is CVE-2021-32563. Gabriel
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.