| Release | Version |
|---|---|
| bullseye | 1.1.3-4.1 |
| bookworm | 1.1.3-4.1 |
| trixie | 1.2.1-2 |
| sid | 1.2.1-2 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2022-4055 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | When xdg-mail is configured to use thunderbird for mailto URLs, improp ... |
| CVE-2020-27748 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and ... |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2025-52968 | vulnerable | vulnerable | vulnerable | vulnerable | xdg-open in xdg-utils through 1.2.1 can send requests containing SameS ... |
| Bug | Description |
|---|---|
| CVE-2017-18266 | The open_envvar function in xdg-open in xdg-utils before 1.1.3 does no ... |
| CVE-2015-1877 | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 ... |
| CVE-2014-9622 | Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ... |
| CVE-2009-0068 | Interaction error in xdg-open allows remote attackers to execute arbit ... |
| CVE-2008-0386 | Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to e ... |
| DSA / DLA | Description |
|---|---|
| DSA-4211-1 | xdg-utils - security update |
| DLA-1384-1 | xdg-utils - security update |
| DLA-217-1 | xdg-utils - security update |
| DSA-3165-1 | xdg-utils - security update |
| DSA-3131-1 | xdg-utils - security update |