| Summary: | net-news/newsbeuter <1.2 Improper URI quoting when starting browser (CVE-2008-3907) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ingmar, tanderson |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://thread.gmane.org/gmane.comp.security.oss.general/877 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 235360 | ||
| Bug Blocks: | |||
|
Description
Robert Buchholz (RETIRED)
2008-09-02 21:27:28 UTC
According to the URL you included: s/1.2/1.1/g :) (In reply to comment #1) > According to the URL you included: s/1.2/1.1/g :) > Oh I'm wrong: 1.2 (2008-09-02): Fixed crash in case of invalid color/attribute names in the configuration Implemented "download-timeout" and "download-retries" config options to make newsbeuter more reliable over unreliable connection (fixes #88). Improved whitespace handling in XML parser (fixes Debian issue #496765). Fixed broken open-in-browser operation for URLs that contained a single quote (fixes Debian issue #497495; fixes incomplete security fix). Sorry for the noise, nevermind me. I've added dev-libs/stfl-0.19. This is a dependency of the new version. net-news/newsbeuter-1.2 is in gentoo-x86. Arches, please test and mark stable: =net-news/newsbeuter-1.2 Target keywords : "x86" Please note that you must also stable =dev-libs/stfl-0.19. x86 stable, all arches done. GLSA request filed. GLSA 200809-12 |