Summary: | net-news/newsbeuter <1.2 Improper URI quoting when starting browser (CVE-2008-3907) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ingmar, tanderson |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thread.gmane.org/gmane.comp.security.oss.general/877 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 235360 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
![]() According to the URL you included: s/1.2/1.1/g :) (In reply to comment #1) > According to the URL you included: s/1.2/1.1/g :) > Oh I'm wrong: 1.2 (2008-09-02): Fixed crash in case of invalid color/attribute names in the configuration Implemented "download-timeout" and "download-retries" config options to make newsbeuter more reliable over unreliable connection (fixes #88). Improved whitespace handling in XML parser (fixes Debian issue #496765). Fixed broken open-in-browser operation for URLs that contained a single quote (fixes Debian issue #497495; fixes incomplete security fix). Sorry for the noise, nevermind me. I've added dev-libs/stfl-0.19. This is a dependency of the new version. net-news/newsbeuter-1.2 is in gentoo-x86. Arches, please test and mark stable: =net-news/newsbeuter-1.2 Target keywords : "x86" Please note that you must also stable =dev-libs/stfl-0.19. x86 stable, all arches done. GLSA request filed. GLSA 200809-12 |