All errata/sisyphus/ALT-PU-2024-10273-2
ALT-PU-2024-10273-2

Package update xdg-utils in branch sisyphus

Version1.2.1-alt1
Task#353440
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (2)

BDU:2025-04910
HIGH7.4

Уязвимость утилиты для открытия почтового клиента из набора xdg-utils xdg-mail, связанная с недостаточной проверкой введенных пользователем данных, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Published: 2025-04-24Modified: 2025-11-19
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
References
CVE-2022-4055
HIGH7.4

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

Published: 2022-11-19Modified: 2025-04-29
CVSS 3.xHIGH 7.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
References

Closed bugs (1)