CVE-2008-3907
Published: 4 September 2008
The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.
Notes
Author | Note |
---|---|
jdstrand | per Debian: versions < 1.0-1 didn't include a patch to wrap long article URLs so the crafted part of the URL can be hidden. This of course only affects people not reading articles in the built-in reader. |
Priority
Status
Package | Release | Status |
---|---|---|
newsbeuter Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(0.7-1ubuntu0.1)
|
|
intrepid |
Released
(0.9.1-1+lenny3)
|
|
upstream |
Released
(0.9.1-1+lenny3)
|