oss-sec mailing list archives

Re: CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config

From: Josh Bressers <bressers () redhat com>
Date: Fri, 6 Aug 2010 14:38:37 -0400 (EDT)

Please use CVE-2010-2809

Thanks.

-- 
    JB


----- "Alex Legler" <a3li () gentoo org> wrote:

Please assign a CVE for the following issue:

"With shell code in hyperlinks on a page, one of the sample
(uzbl-core)
resp. default (uzbl-browser) button bindings (binding for
mousebutton2)
would execute this code. This commit fixes that issue.
Note that just upgrading your uzbl is not enough. If you have an
existing config, the change will not be automatically applied. So be
sure you have this change in your config."

Source: http://www.uzbl.org/news.php?id=29
Upstream bug:
http://www.uzbl.org/bugs/index.php?do=details&task_id=240

Thanks,
Alex

-- 
Alex Legler | Gentoo Security / Ruby
a3li () gentoo org | a3li () jabber ccc de

Current thread:

CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config Alex Legler (Aug 06)
- Re: CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config Josh Bressers (Aug 06)