| Release | Version |
|---|---|
| stretch | 1.1.1-1+deb9u2 |
| stretch (security) | 1.1.1-1+deb9u1 |
| buster | 1.1.3-1+deb10u1 |
| bullseye | 1.1.3-4 |
| sid | 1.1.3-4 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-27748 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | local file inclusion vulnerability |
| Bug | Description |
|---|---|
| CVE-2017-18266 | The open_envvar function in xdg-open in xdg-utils before 1.1.3 does no ... |
| CVE-2015-1877 | command injection vulnerability |
| CVE-2014-9622 | Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ... |
| CVE-2009-0068 | Interaction error in xdg-open allows remote attackers to execute arbit ... |
| CVE-2008-0386 | Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to e ... |
| DSA / DLA | Description |
|---|---|
| DSA-4211-1 | xdg-utils - security update |
| DLA-1384-1 | xdg-utils - security update |
| DLA-217-1 | xdg-utils - security update |
| DSA-3165-1 | xdg-utils - security update |
| DSA-3131-1 | xdg-utils - security update |