[3.5] newsbeuter: Remote code execution (CVE-2017-12904)
An attacker can craft an RSS item with shell code in the title and/or
URL. When you bookmark
such an item, your shell will execute that code.
Newsbeuter versions 0.7 through 2.9 are affected.
References:
https://github.com/akrennmair/newsbeuter/issues/591
Patch:
https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
(from redmine: issue id 7728, created on 2017-08-21, closed on 2017-08-22)
- Relations:
- parent #7725 (closed)
- Changesets:
- Revision 5bcbae52 by Natanael Copa on 2017-08-22T17:36:04Z:
main/newsbeuter: security fix for CVE-2017-12904
fixes #7728