Secunia: Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the GUI.pm module not properly sanitising URLs before using them in an "exec()" statement to launch the browser. This can be exploited to inject and execute arbitrary commands with the privileges of the user running yarssr by tricking him into clicking on a malicious feed link. Successful exploitation requires that "Gnome default" URL handling is disabled.
net-news, are you taking care of this package?
Yes, I've added yarssr-0.2.2-r1 with a patch that fixes the vulnerability. The vulnerable version 0.2.2 is gone. Furthermore, net-news is now in the metadata.
thanks, closing without glsa then.