[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1061-1] newsbeuter security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : newsbeuter
Version        : 2.5-2+deb7u2
CVE ID         : CVE-2017-12904


Jeriko One discovered that newsbeuter, a text-mode RSS feed reader,
did not properly escape the title and description of a news article
when bookmarking it. This allowed a remote attacker to run an
arbitrary shell command on the client machine.


For Debian 7 "Wheezy", these problems have been fixed in version
2.5-2+deb7u2.

We recommend that you upgrade your newsbeuter packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZmHenXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHUxgQAL7Y7szZyxTjPSBJeZmUsyvi
zlixzj4356WBh8K2uC8AAsFLwk3Py2TTTMjW8VOg98p3s45Jsf0LVI55k1JBmgkR
mpYm3EFbie5QiU8ehkk74o8HEqLhF4fhU/aZfMFBKe+0mO7jJn/34rvicNazH/d0
OHR1PBfYwFhCwABuGRNiWTHp86Jgigzump+ZwAwaQvCUA0YGvadj6i7lJH/4kLz2
i8R1NIwQcCUQt543Ctg9aRbfGd57tcxiFYWhB0RGRcVnhn9lS3cFET3PasHswUX5
nr9tdiGtdwAHdlHDvsGYu50lfflBYnepmfbskR/Tl4RjmE0P7p08XImyfUehItr8
fMm6jes5eQzBxmd/ybcOam8HHgsodnHO27phshmfcGCIEqQG0mjoOPJb6bKptYEz
kwbl96IalfYSIdXsIzJ6U46OnBpEoPVMdmNy9nzOY2ayndvERt3LIjrs4N0GV/aS
MMEghrhw9N7yooZq2+SKF0VK5mWZVdw/pYltoaH7ebAqFRou8fxK3wBN+p94q/x/
wx9t2qQKlqF/M5L6lUp2LekSi6chfjijExXDUDZ6I5QZU1l2h7UBFIenJJ6lIBu3
aoFWQCPpLXTX4ENzTzLecBEs3wuhkJlCCznHXQ0hkSfbrTcOogwAzKv1OP465pQ9
qv/M6QHeKVtg/P8bX57y
=gyrZ
-----END PGP SIGNATURE-----
Reply to: