Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Sep 2008 11:47:29 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: CVE id request: newsbeuter

Hi,
newsbeuter (http://www.newsbeuter.org) 1.1 fixes a security 
issue that was discovered by J.H.M. Dassen (Ray) and is 
fixed in svn revision 1429.

The previous version allowed to execute arbitrary code by a 
crafted feed URL that is passed as a command line parameter 
if the URL is opened by an external browser.

Upstream changelog:
 1.1:
        Added a line wrap for the article view's headers and the link list on the bottom (fixes Debian issue #491122)
        Added test suite for functional tests of the user interface
        Fixed quoting issue in open-in-browser command
        ^^^^^

This issue should affect all newsbeuter versions < 1.1.

Can I get a CVE id for this please?

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ