Disable attachment support in xdg-email (fixes CVE-2020-27748) (!58) · Merge requests · xdg / xdg-utils

Gabriel Corona requested to merge randomstuff/xdg-utils:fix-xdg-email-attachment-vulnerabilities into master Aug 25, 2022

Fix for #177 (CVE-2020-27748) and #205. It introduces a breaking change by removing --attach support. However as discussed in #177, the removed feature was:

only working for thunderbird;
not always functional (even for thunderbird) depending on the desktop environment used;
the source of several vulnerabilities.

Admin message

Disable attachment support in xdg-email (fixes CVE-2020-27748)

Merge request reports