*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: newsbeuter
"The open-in-browser command in newsbeuter before 1.1 allows remote
attackers to execute arbitrary commands via shell metacharacters in a
feed URL."
I've requested a sync for Intrepid, and am preparing a patch for Hardy.
** Affects: newsbeuter (Ubuntu)
Importance: High
Assignee: William Grant (wgrant)
Status: In Progress
** Affects: newsbeuter (Ubuntu Hardy)
Importance: High
Assignee: William Grant (wgrant)
Status: Triaged
** Affects: newsbeuter (Ubuntu Intrepid)
Importance: High
Assignee: William Grant (wgrant)
Status: In Progress
** Visibility changed to: Public
** Changed in: newsbeuter (Ubuntu Intrepid)
Importance: Undecided => High
Assignee: (unassigned) => William Grant (wgrant)
Status: New => In Progress
** Changed in: newsbeuter (Ubuntu Hardy)
Importance: Undecided => High
Assignee: (unassigned) => William Grant (wgrant)
Status: New => Triaged
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3907
--
[CVE-2008-3907] Arbitrary code execution by crafted item URLs
https://bugs.launchpad.net/bugs/275019
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
