newsbeuter: Remote code execution (CVE-2017-12904)
An attacker can craft an RSS item with shell code in the title and/or
URL. When you bookmark
such an item, your shell will execute that code.
Newsbeuter versions 0.7 through 2.9 are affected.
References:
https://github.com/akrennmair/newsbeuter/issues/591
Patch:
https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
(from redmine: issue id 7725, created on 2017-08-21, closed on 2017-08-22)
- Relations:
- child #7726 (closed)
- child #7727 (closed)
- child #7728 (closed)
- child #7729 (closed)
- child #7730 (closed)