[3.5] newsbeuter: Remote code execution (CVE-2017-12904)
An attacker can craft an RSS item with shell code in the title and/or
URL. When you bookmark
such an item, your shell will execute that code.
Newsbeuter versions 0.7 through 2.9 are affected.
(from redmine: issue id 7728, created on 2017-08-21, closed on 2017-08-22)
- parent #7725 (closed)
- Revision 5bcbae52 by Natanael Copa on 2017-08-22T17:36:04Z:
main/newsbeuter: security fix for CVE-2017-12904 fixes #7728