Bug#1053881: tracker-miners: CVE-2023-5557

Jeremy Bícha jeremy.bicha at canonical.com
Wed Nov 22 15:21:47 GMT 2023


On Fri, Oct 13, 2023 at 9:27 AM Moritz Mühlenhoff <jmm at inutil.org> wrote:
> Source: tracker-miners
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for tracker-miners.
>
> CVE-2023-5557[0]:
> | A flaw was found in the tracker-miners package. A weakness in the
> | sandbox allows a maliciously-crafted file to execute code outside
> | the sandbox if the tracker-extract process has first been
> | compromised by a separate vulnerability.

Moritz,

The architecture build issues were fixed in upstream's 3.4.6 release.
Do you want to do a bookworm security update for this issue?

The sandbox in tracker-miners 2.x is significantly different, and since
no upstream patches were provided for it, I do not plan to work on
fixing this for older Debian releases.

Thank you,
Jeremy Bícha



More information about the pkg-gnome-maintainers mailing list