Bug#: 236506
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>
Bug 236506 depends on: 235360


Description:   Opened: 2008-09-02 21:27 0000
J.H.M. Dassen (Ray) reported that newsbeuter does not properly escape shell
metacharacters when passing URLs to a browser.

Fixed in 1.2.

------- Comment #1 From Ingmar Vanhassel 2008-09-03 01:12:04 0000 -------
According to the URL you included: s/1.2/1.1/g :)

------- Comment #2 From Ingmar Vanhassel 2008-09-03 01:13:43 0000 -------
(In reply to comment #1)
> According to the URL you included: s/1.2/1.1/g :)
> 

Oh I'm wrong:

1.2 (2008-09-02):
        Fixed crash in case of invalid color/attribute names in the configuration
        Implemented "download-timeout" and "download-retries" config options to make newsbeuter more reliable over unreliable connection (fixes #88).
        Improved whitespace handling in XML parser (fixes Debian issue #496765).
        Fixed broken open-in-browser operation for URLs that contained a single quote (fixes Debian issue #497495; fixes incomplete security fix).

Sorry for the noise, nevermind me.
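
Added example, not part of the bug thread and not newsbeuter's code: why wrapping a URL in single quotes is an incomplete fix when the URL itself contains a single quote, next to POSIX-safe quoting. It assumes the browser command is built as a string and run through `/bin/sh`; the function names and the sample URL are constructed for illustration.

```cpp
#include <cstdio>
#include <string>

// Naive quoting: wraps the URL in single quotes but leaves embedded single
// quotes alone, so a quote inside the URL ends the quoted region early.
std::string quote_naive(const std::string& url) {
    return "'" + url + "'";
}

// POSIX-safe quoting: inside '...' only ' itself is special, so each ' is
// emitted as '\'' (close the quote, add an escaped quote, reopen the quote).
std::string quote_posix(const std::string& url) {
    std::string out = "'";
    for (char c : url) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    out += "'";
    return out;
}

// Hands `printf %s <quoted>` to /bin/sh and returns the argument the shell
// actually passed on, i.e. what a browser would receive as its URL.
std::string shell_roundtrip(const std::string& quoted) {
    std::string cmd = "printf %s " + quoted + " 2>/dev/null";
    std::string result;
    FILE* p = popen(cmd.c_str(), "r");
    if (!p) return result;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) result.append(buf, n);
    pclose(p);
    return result;
}

int main() {
    // Constructed sample URL with a single quote and other shell metacharacters.
    const std::string url = "http://example.org/it's?a=1&b=$HOME;c";
    std::printf("naive: %s\n", quote_naive(url).c_str());  // unbalanced quotes
    std::printf("posix: %s\n", quote_posix(url).c_str());
    std::printf("round trip ok: %d\n", shell_roundtrip(quote_posix(url)) == url);
    return 0;
}
```

Passing the URL as its own `argv` element to `execvp` avoids the shell, and with it the quoting problem, entirely.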

------- Comment #3 From Thomas Anderson (tanderson) 2008-09-03 23:48:12 0000 -------
I've added dev-libs/stfl-0.19. This is a dependency of the new version.

------- Comment #4 From Thomas Anderson (tanderson) 2008-09-04 15:50:21 0000 -------
net-news/newsbeuter-1.2 is in gentoo-x86.

------- Comment #5 From Robert Buchholz 2008-09-04 18:34:22 0000 -------
Arches, please test and mark stable:
=net-news/newsbeuter-1.2
Target keywords : "x86"

------- Comment #6 From Thomas Anderson (tanderson) 2008-09-04 21:16:44 0000 -------
Please note that you must also stable =dev-libs/stfl-0.19.

------- Comment #7 From Markus Meier 2008-09-06 12:44:06 0000 -------
x86 stable, all arches done.

------- Comment #8 From Tobias Heinlein 2008-09-11 17:38:22 0000 -------
GLSA request filed.

------- Comment #9 From Pierre-Yves Rofes 2008-09-22 20:09:49 0000 -------
GLSA 200809-12
