Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 adds "../po" to the search path for .po files, which might allow local users to cause Elinks to use an untrusted gettext message catalog, which can be leveraged to conduct format string attacks.
*** Bug 177777 has been marked as a duplicate of this bug. ***
spock please advise.
This is now fixed in CVS thanks to a patch pulled from the elinks GIT tree.
Thx Micheal. Could you make a revbump of the latest stable so users can use glsa-check to upgrade and arches have a chance to test?
Woops didn't mean to CC arches already. Sorry for the noise.
Done, 0.11.2-r1 is in CVS now.
Jaervosz, seems it's ok for calling arches this time :)
Thx for the reminder :-) Arches please test and mark stable. Target keywords are: elinks-0.11.2-r1.ebuild:KEYWORDS="alpha amd64 hppa mips ppc ppc64 sparc x86 ~x86-fbsd"
alpha/x86 stable
amd64 done
sparc stable.
ppc64 stable
Stable for HPPA.
stable on ppc
GLSA 200706-03, thanks everybody! mips don't forget to mark stable to benefit from the glsa
mips stable.