Quoting from $URL:

"The 2010.08.05 release comes with a patched config file. With shell code in hyperlinks on a page, one of the sample (uzbl-core) resp. default (uzbl-browser) button bindings (binding for mousebutton2) would execute this code."

"Note that just upgrading your uzbl is not enough. If you have an existing config, the change will not be automatically applied. So be sure you have this change in your config."

More info here: http://www.uzbl.org/bugs/index.php?do=details&task_id=240

I'll commit =www-client/uzbl-2010.08.05 which includes the config fix and ewarns with instructions for current users.
Arches, please test and mark stable: =www-client/uzbl-2010.08.05
Target keywords: "amd64 x86"
amd64 done
All good x86.
Builds and runs fine on x86. Please mark stable for x86.
x86 stable, thanks David and Myckel
CVE-2010-2809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809): The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
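The CVE text above describes the general class of bug: a URI taken from a page is interpolated into a command string that a shell then parses, so shell metacharacters in the HREF change the command. The following is an added illustration, not uzbl's code or config (the page does not show uzbl's binding syntax, and the exact form of the 2010.08.05 fix is not reproduced here); it uses a hypothetical `xdg-open` opener and constructed sample URIs, and shows the command string only as the shell would tokenise it, without executing anything. It contrasts the unquoted interpolation with two hardened forms (an argv list with no shell, and a `shlex.quote`d string) and includes a defender-side check for URIs that would be unsafe in an unquoted shell string.

```python
import re
import shlex

# Constructed sample URIs (not taken from the page). The second contains
# shell metacharacters of the kind the CVE concerns; the payload is a harmless
# "echo" and the string is never executed by this script.
SAMPLE_URIS = [
    "http://example.invalid/page.html",
    "http://example.invalid/a;echo injected",
]

# Characters that change meaning inside an unquoted POSIX shell word.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\"'\s]")


def unsafe_command(opener, uri):
    """Pre-fix pattern (hypothetical): interpolate the URI into one string
    that is then handed to a shell. Returns the string, does not run it."""
    return f"{opener} {uri}"


def safe_quoted_command(opener, uri):
    """Hardened string form: the URI is quoted so it stays a single word."""
    return f"{opener} {shlex.quote(uri)}"


def safe_argv(opener, uri):
    """Hardened argv form: no shell at all, the URI is one argv element.
    Suitable for subprocess.run(argv) with shell=False."""
    return [opener, uri]


def shell_tokens(cmd):
    """Tokenise `cmd` the way a POSIX shell would, so that `;`, `|`, `&`
    etc. appear as separate operator tokens (Python 3.8+ for the combination
    of punctuation_chars and whitespace_split)."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def looks_unsafe_for_shell(uri):
    """Defender-side check: True if the URI would alter the structure of an
    unquoted shell command. Useful for auditing bindings or logging."""
    return SHELL_META.search(uri) is not None


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print("URI:", uri, "| unsafe for shell:", looks_unsafe_for_shell(uri))
        print("  unquoted  ->", shell_tokens(unsafe_command("xdg-open", uri)))
        print("  quoted    ->", shell_tokens(safe_quoted_command("xdg-open", uri)))
        print("  argv      ->", safe_argv("xdg-open", uri))
```

Running it shows the crafted URI splitting into `['xdg-open', 'http://example.invalid/a', ';', 'echo', 'injected']` under the unquoted form, while both hardened forms keep the whole URI as a single argument. The argv form is the preferable fix because it removes the shell from the path entirely; quoting is the fallback when a binding must remain a shell string.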
(Kéwan: Note: This bug has been handled, no maintainer actions are needed here.)
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).