CVE-2012-0956

Priority
Medium
Description
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote
man-in-the-middle attackers to execute arbitrary web script or HTML and
read arbitrary files via a crafted attribute in the <a> tag of a Twitter
feed.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0956
http://www.ubuntu.com/usn/usn-1561-1
Bugs
https://bugs.launchpad.net/ubuntu/+source/ubiquity-slideshow-ubuntu/+bug/991982
Assigned-to
mdeslaur
Package
Source: ubiquity-slideshow-ubuntu (LP Ubuntu Debian)
Upstream:released (60)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):released (58.2)
Ubuntu 12.10 (Quantal Quetzal):released (60)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-10-04 18:14:32 UTC (commit 5863)