tags 399188 patch
kthxbye

On Sat, Nov 18, 2006 at 13:00:55 +0100, Stefan Fritsch wrote:

> A vulnerability has been found in elinks:
> Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed
> allows remote attackers to execute arbitrary code via shell
> metacharacters in an smb:// URI, as demonstrated by using PUT and GET
> statements.
>

Hi,

the attached patch disables support for smb:// URI, and thus fixes this bug.

Cheers,
Julien

diff -u elinks-0.11.1/debian/rules elinks-0.11.1/debian/rules --- elinks-0.11.1/debian/rules +++ elinks-0.11.1/debian/rules @@ -65,7 +65,7 @@ --without-x \ --with-gnutls=/usr \ --with-perl --enable-nntp --enable-256-colors --enable-leds \ - --without-spidermonkey --enable-html-highlight + --without-spidermonkey --enable-html-highlight --disable-smb # spidermonkey: libsmjs-dev # perl libperl-dev diff -u elinks-0.11.1/debian/changelog elinks-0.11.1/debian/changelog --- elinks-0.11.1/debian/changelog +++ elinks-0.11.1/debian/changelog @@ -1,3 +1,12 @@ +elinks (0.11.1-1.2) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for security bug fix. + * Configure with --disable-smb to fix security issue (CVE-2006-5925), + closes: #399188. + + -- Julien Cristau <[EMAIL PROTECTED]> Mon, 27 Nov 2006 02:32:47 +0100 + elinks (0.11.1-1.1) unstable; urgency=medium * Non-maintainer upload.
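
Review bot: In the debian/rules hunk, --disable-smb is appended to the end of the configure option list with nothing in the file saying why it is there, so a later packaging update could drop it without noticing that it is a security mitigation. Suggest a short comment beside the existing "# spidermonkey: libsmjs-dev" notes that names CVE-2006-5925 and #399188 as the reason the flag has to stay.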
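
Review bot: In the debian/changelog hunk, the 0.11.1-1.2 entry names the configure flag and the CVE but not the user-visible effect, which is that smb:// URIs are no longer supported by the package. Suggest stating that in the entry, for example "Configure with --disable-smb (drops smb:// URI support) to fix security issue (CVE-2006-5925)", so that users who lose the feature on upgrade can find the reason.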