CVE-2023-49347

NameCVE-2023-49347
DescriptionTemporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
budgie-extras (PTS)buster0.7.1-3vulnerable
bullseye1.1.0-1vulnerable
bookworm1.5.0-2vulnerable
sid, trixie1.8.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
budgie-extrassource(unstable)1.7.1-1unimportant

Notes

https://bugs.launchpad.net/bugs/2044373
https://www.openwall.com/lists/oss-security/2023/12/14/1
https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1)
Neutralised by kernel hardening
Search for package or bug name: Reporting problems