Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Sep 2008 11:47:29 +0200
From: Nico Golde <>
Subject: CVE id request: newsbeuter

newsbeuter ( 1.1 fixes a security 
issue that was discovered by J.H.M. Dassen (Ray) and is 
fixed in svn revision 1429.

The previous version allowed to execute arbitrary code by a 
crafted feed URL that is passed as a command line parameter 
if the URL is opened by an external browser.

Upstream changelog:
        Added a line wrap for the article view's headers and the link list on the bottom (fixes Debian issue #491122)
        Added test suite for functional tests of the user interface
        Fixed quoting issue in open-in-browser command

This issue should affect all newsbeuter versions < 1.1.

Can I get a CVE id for this please?

Kind regards

Nico Golde - - - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ