|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-49342: budgie-extras: budgie-clockworks: uses fixed temporary files in /tmp/<user>_clockworks | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Matthias Gerstner <matthias.gerstner> |
| Component: | Audits | Assignee: | Security Team bot <security-team> |
| Status: | IN_PROGRESS --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | matthias.gerstner, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1216279 | ||
| Attachments: |
upstream patch
upstream patch |
||
|
Description
Matthias Gerstner
2023-11-28 14:58:21 UTC
Created attachment 871133 [details]
upstream patch
Created attachment 871134 [details]
upstream patch
Upstream plans to publish the release 1.7.1 on the date mentioned in comment 1. Their suggested patches are found in comments 2 and 3. Please *don't* publish anything in the build service before we give green light. You can privately prepare an update using the given patch but it will likely be simpler to simply use the upstream release once it is public. This is now public via the 1.7.1 upstream release: https://github.com/UbuntuBudgie/budgie-extras/releases/tag/v1.7.1. Please package the new version and submit to all maintained OBS codestreams. This is an autogenerated message for OBS integration: This bug (1217595) was mentioned in https://build.opensuse.org/request/show/1133097 Factory / budgie-extras complete |