oss-security - Re: CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <1309185107.739551281119917610.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 6 Aug 2010 14:38:37 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: uzbl before 2010.08.05:
 User-assisted execution of arbitrary commands caused by faulty default
 config

Please use CVE-2010-2809

Thanks.

-- 
    JB


----- "Alex Legler" <a3li@...too.org> wrote:

> Please assign a CVE for the following issue:
> 
> "With shell code in hyperlinks on a page, one of the sample
> (uzbl-core)
> resp. default (uzbl-browser) button bindings (binding for
> mousebutton2)
> would execute this code. This commit fixes that issue.
> Note that just upgrading your uzbl is not enough. If you have an
> existing config, the change will not be automatically applied. So be
> sure you have this change in your config."
> 
> Source: http://www.uzbl.org/news.php?id=29
> Upstream bug:
> http://www.uzbl.org/bugs/index.php?do=details&task_id=240
> 
> Thanks,
> Alex
> 
> -- 
> Alex Legler | Gentoo Security / Ruby
> a3li@...too.org | a3li@...ber.ccc.de

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.