Date: Mon, 1 Sep 2008 11:47:29 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: newsbeuter Hi, newsbeuter (http://www.newsbeuter.org) 1.1 fixes a security issue that was discovered by J.H.M. Dassen (Ray) and is fixed in svn revision 1429. The previous version allowed to execute arbitrary code by a crafted feed URL that is passed as a command line parameter if the URL is opened by an external browser. Upstream changelog: 1.1: Added a line wrap for the article view's headers and the link list on the bottom (fixes Debian issue #491122) Added test suite for functional tests of the user interface Fixed quoting issue in open-in-browser command ^^^^^ This issue should affect all newsbeuter versions < 1.1. Can I get a CVE id for this please? Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ