SECURITY: URL handling allows remote shell command execution
Bug #132046 reported by Lionel Le Folgoc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
xfce4-terminal | Fix Released | Unknown | |
xfce4-terminal (Debian) | Fix Released | Unknown | |
xfce4-terminal (Gentoo Linux) | Fix Released | Medium | |
xfce4-terminal (Ubuntu) | Fix Released | Medium | Unassigned |
Dapper | Fix Released | Medium | Kees Cook |
Edgy | Fix Released | Medium | Kees Cook |
Feisty | Fix Released | Medium | Kees Cook |
Bug Description
Binary package hint: xfce4-terminal
The terminal_
Affected: dapper, edgy, feisty, gutsy (dapper and edgy ship xfce4-terminal 0.2.5, which is an svn snapshot of 0.2.6).
Patches will be attached as soon as they are tested.
CVE References
Changed in xfce4-terminal: status: Unknown → Fix Released
Changed in xfce4-terminal: status: Unknown → Fix Released
Changed in xfce4-terminal: status: Unknown → Fix Released
Changed in xfce4-terminal: status: Confirmed → Fix Committed
Changed in xfce4-terminal: status: Fix Committed → Fix Released
Changed in xfce4-terminal (Gentoo Linux): importance: Unknown → Medium
Btw, I am unable to reproduce the last comment on upstream bugzilla (http://bugzilla.xfce.org/show_bug.cgi?id=3383): env vars are also escaped for me.