ALT-PU-2017-2556-1
Package newsbeuter updated to version 2.9-alt2.M80P.1 for branch p8 in task 192809.
Closed vulnerabilities
BDU:2017-02033
Уязвимость функции установки закладки консольной программы Newsbeuter версии от 0.7 до 2.9 операционной системы Debian GNU/Linux, позволяющая нарушителю внедрить код
Modified: 2024-11-21
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
- DSA-3947
- DSA-3947
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
- https://github.com/akrennmair/newsbeuter/issues/591
- https://github.com/akrennmair/newsbeuter/issues/591
- [newsbeuter] 20170817 [CVE-2017-12904] Remote code execution
- [newsbeuter] 20170817 [CVE-2017-12904] Remote code execution
- USN-4585-1
- USN-4585-1
Modified: 2024-11-21
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
- http://openwall.com/lists/oss-security/2017/09/16/1
- http://openwall.com/lists/oss-security/2017/09/16/1
- DSA-3977
- DSA-3977
- https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
- https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
- https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
- https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
- https://github.com/akrennmair/newsbeuter/issues/598
- https://github.com/akrennmair/newsbeuter/issues/598
- USN-4585-1
- USN-4585-1