2020-07-01
ALT-BU-2020-3902-1
Branch sisyphus update bulletin.
Closed bugs
Некорректно отображается пункт программы в меню xfce: название отсутствует
Closed bugs
Сломано обновление из-за файловых конфликтов с пакетом mediawiki-common
Closed bugs
Обновить до 5.4.1
Package telegram-desktop updated to version 2.1.14-alt1 for branch sisyphus in task 254280.
Closed vulnerabilities
Published: 2020-08-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-17448
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- GLSA-202101-34
- GLSA-202101-34
- https://telegram.org
- https://telegram.org