CVE-2017-17512 (retired)

Priority
Description
sensible-browser in sensible-utils before 0.0.11 does not validate strings
before launching the program specified by the BROWSER environment variable,
which allows remote attackers to conduct argument-injection attacks via a
crafted URL, as demonstrated by a --proxy-pac-file argument.
Assigned-to
mdeslaur
Package
Upstream:released (0.0.11)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 16.04 LTS (Xenial Xerus):released (0.0.9ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.0.11)
Patches:
Upstream:https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
More Information

Updated: 2019-08-23 09:14:03 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)