[10:43] <bluesabre> We don't have micro release exception, so we either need to create LP bugs for every bug since 1.8.14 or cherry pick that fix.
[10:44] <Unit193> Don't think those exist anymore.
[10:44] <Unit193> !mre
[10:44] <ubot3> Micro Release Exceptions are approved by the Ubuntu Technical Board on a per-package basis for packages that cannot be acceptably handled through the Stable Release Update (!sru) process. See https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions for more information.
[10:44] <bluesabre> https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases
[10:45] <bluesabre> Xfce doesn't meet these criteria
[10:46] <jphilips> here is the patch if it wants to be cherry picked https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d
[10:46] <ubot3> Commit 1b85b96 in xfce/thunar "Dont execute files, passed via command line due to security risks"
[10:47] <jphilips> was hoping that translation updates since 1.8.14 could also get it for 20.04 users
[10:47] <Unit193> CVE-2021-32563
[10:47] <ubot3> An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32563>
[10:48] <jphilips> s/get it/get in/
[11:16] <jphilips> bluesabre: could this be xubuntu specific as others cant repo on none xubuntu distros - https://gitlab.xfce.org/xfce/xfce4-session/-/issues/106
[11:16] <ubot3> Issue 106 in xfce/xfce4-session "Triggering application on suspend does not work" [Opened]
[11:18] <bluesabre> It could be. ochosi might be a good candidate to verify... he may have written that code