Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 1 Sep 2008 11:47:29 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: CVE id request: newsbeuter

Hi,
newsbeuter (http://www.newsbeuter.org) 1.1 fixes a security 
issue that was discovered by J.H.M. Dassen (Ray) and is 
fixed in svn revision 1429.

The previous version allowed to execute arbitrary code by a 
crafted feed URL that is passed as a command line parameter 
if the URL is opened by an external browser.

Upstream changelog:
 1.1:
        Added a line wrap for the article view's headers and the link list on the bottom (fixes Debian issue #491122)
        Added test suite for functional tests of the user interface
        Fixed quoting issue in open-in-browser command
        ^^^^^

This issue should affect all newsbeuter versions < 1.1.

Can I get a CVE id for this please?

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux