-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

GLOBAL-6.6.1 released. [CVE-2017-17531]

Hello hackers,

GLOBAL-6.6.1 is a bug fix release.

GLOBAL is a source code tagging system that works the same way across
diverse environments, for example, emacs, vi, less, bash, web browsers,
etc. It is useful for hacking a large project.

[FIXED BUG]
o gozilla: A critical vulnerability (CVE-2017-17531) was found in an unknown
  function of gozilla(1). It allows remote attackers to execute arbitrary
  code via a crafted URL. Now it is fixed.

- - What is the unknown function?
Gozilla accepts a URL as an argument, and invokes a web browser with the
URL.
Though it is undocumented, it is implied in the online manual as follows:

> BUGS
>         Gozilla can accept not only source files but also text files,
>         directories, HTML files and even URLs, because it is omnivorous.

Impact:
    All gozilla(1) before GLOBAL-6.6.1 have the vulnerability.
    It allows remote attackers to execute arbitrary code via a crafted URL.
Workaround:
    Don't use the unknown function.
Solution:
    Install GLOBAL-6.6.1. The vulnerability was eliminated in this version.

You can download it from http://www.gnu.org/software/global/download.html

Shigio YAMAGUCHI <shi...@gnu.org>
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

-----END PGP SIGNATURE-----


-- 
Shigio YAMAGUCHI <shi...@gnu.org>
PGP fingerprint:
26F6 31B4 3D62 4A92 7E6F  1C33 969C 3BE3 89DD A6EB