| amurray | fwiw I just retried all those failed thunderbird 102 builds as requested by ricotz earlier | 02:01 |
|---|---|---|
| ItzSwirlz | Hey security team, Nemo may also have CVE-2022-37290 | 15:02 |
| -ubottu:#ubuntu-security- GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37290> | 15:02 | |
| ItzSwirlz | look at the merge request for the nautilus and nemo's code - https://github.com/linuxmint/nemo/blob/0686ec5f75c0456c140c79169607cf6b5ef44175/libnemo-private/nemo-file-operations.c#L829 | 15:02 |
| ItzSwirlz | (Nemo is built off of nautilus) | 15:02 |
| ItzSwirlz | I believe it is. I'm sending an email right now to the nemo devs | 15:03 |
| mdeslaur | ItzSwirlz: thanks, I'll add it to our tracker | 15:04 |
| ItzSwirlz | thanks, I'll also check caja and thunar. The code is scarily similar | 15:04 |
| ItzSwirlz | found it in caja - https://github.com/mate-desktop/caja/blob/14dd4822ddbcafecd3bfb283920b6a60507134bd/libcaja-private/caja-file-operations.c#L831 | 15:09 |
| ItzSwirlz | not in thunar | 15:13 |
| JanC | while Nemo & Caja are Nautilus forks, Thunar is not AFAIK (but it's always possible they reused some code, of course) | 22:22 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!