-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : newsbeuter Version : 2.5-2+deb7u3 CVE ID : CVE-2017-14500 Debian Bug : 876004
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter. For Debian 7 "Wheezy", these problems have been fixed in version 2.5-2+deb7u3. We recommend that you upgrade your newsbeuter packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnELV0ACgkQnUbEiOQ2 gwIb/Q//e9awOV/s8hv1r0L2mbJNABLVK++En0MNfv1UOeZH6lTZmJAhePha0C5w UEUD4NyKUHXg33BacADD3vE7rJMKAAa1RAnkPFx4ELE7sOOSylZBxfIV8xF0uQE9 A727h1NsscSvi/m2PLKkCdVmJSQ/z4HeNxEusTImYWR5gJQDgn0NOKYyQAYZRo1g hUdo5sTy0a4aBLyazRn3/KJF189lwcGNyuqbyK0wBnU8vGmiKy6Qye30jJwYx2YG te52YrYayEtDCOeffJO3001llgUZ77YVPkhX2BpdXSJWl3AaK6tlVxYuiSKvlQQq ICLPR9FvWPgoBNRFKRfEveReoPNmDHLJm4IYl1IaWBRuYVpa6m2Uj/hZ8+ZVmiSN 0Sp1aqfKkX584G7aV/QgJ3vteDPmNAdqA4OOv3YUdsAM2mX0y1eZRRagtwXcfG5d 9Nv/3a+UUAX4v0CLYM1zvAWuOxLaxL+QrflEVur4XPtAXMh9RyddMS+N8lrgYmju oOWAKs/N889Cn0F0D/OgFNjQFw/DTdnk/yGwmaAcd0E2DU5GVqf+jXtBm8mRSf06 +4Oc9bS9P28FR9vP7S6ltlSWG92+q/DHWhYjIxjAi8sVik8bKVr8YjVG7Hm0Z9b2 Eb8Cxz7ScIlcvQ/wnykZRGr2Z+n5Rj/eNdxHmVL/f/t/5qKsS4U= =t4XQ -----END PGP SIGNATURE-----
