Bug 936487 - [guru] gui-libs/xdg-desktop-portal-hyprland-1.3.2-r1: Security vulnerability.
Summary: [guru] gui-libs/xdg-desktop-portal-hyprland-1.3.2-r1: Security vulnerability.
Status: RESOLVED FIXED
Alias: None
Product: GURU
Classification: Unclassified
Component: Package issues
Hardware: All Linux
Importance: Normal normal
Assignee: Mia Neufeld
Reported: 2024-07-22 11:53 UTC by Markus Probst
Modified: 2024-07-25 10:10 UTC
Description Markus Probst 2024-07-22 11:53:58 UTC
Update as fast as possible to 1.3.3. (Haven't verified how critical the vulnerability is.)

See https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
(it was also mentioned on their Discord)
Comment 1 Gonçalo Negrier Duarte 2024-07-22 15:47:00 UTC
For now, bump the package yourself by renaming the ebuild file to the new version and running `pkgdev manifest -m -f`.

Unfortunately I'm not at my laptop right now. If you can, send the details of the vulnerability, since the release doesn't explain it.
Comment 2 Gonçalo Negrier Duarte 2024-07-22 15:52:07 UTC
Well, it seems the portal is deleting files it should be touching. Well, for now just downgrade. Thanks for the report downstream, but next time don't make it High priority.

This is not really a vulnerability, it's just a small error of the development. I'm kinda amazed how portals are capable of deleting the user directory, to be fair :)
Comment 3 John M. Harris, Jr. 2024-07-22 22:40:43 UTC
(In reply to Gonçalo Negrier Duarte from comment #2)
> This is not really a vulnerability, it's just a small error of the development.
> I'm kinda amazed how portals are capable of deleting the user directory, to be
> fair :)

It's a "small error of the development", but that error led to a vulnerability. Most vulnerabilities are accidents.
Comment 4 Larry the Git Cow gentoo-dev 2024-07-25 10:10:23 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=6dcb18e838a08ad49746bfd2e5e1facdf6169e2d

commit 6dcb18e838a08ad49746bfd2e5e1facdf6169e2d
Author:     Gonçalo Negrier Duarte <gonegrier.duarte@gmail.com>
AuthorDate: 2024-07-22 19:21:23 +0000
Commit:     Gonçalo Negrier Duarte <gonegrier.duarte@gmail.com>
CommitDate: 2024-07-22 19:21:23 +0000

    gui-libs/xdg-desktop-portal-hyprland: pipewire version needs to be bumped
    to 1.2.1 due to an error compiling with gcc
    * More info: https://github.com/PipeWire/pipewire/commit/da1dbc1
    
    Closes: https://bugs.gentoo.org/935669
    Closes: https://bugs.gentoo.org/936487
    Signed-off-by: Gonçalo Negrier Duarte <gonegrier.duarte@gmail.com>

 ...yprland-1.3.3.ebuild => xdg-desktop-portal-hyprland-1.3.3-r1.ebuild} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)