man in the middle
Bug #1586318 reported by
Bernd Dietzel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ANoise |
Fix Released
|
High
|
costales |
Bug Description
/usr/share/
Line : 119
os.system('apturl %s &' % uri)
If someone redirects the url of the anoise website to his website,
he can inject code to the shell by changing the apturl text on the manipulated website.
Please use subprocess.
Thanks :-)
information type: | Private Security → Public Security |
Changed in anoise: | |
milestone: | none → 0.0.28 |
assignee: | nobody → costales (costales) |
status: | New → Triaged |
Changed in anoise: | |
status: | Triaged → In Progress |
importance: | Undecided → High |
Changed in anoise: | |
status: | In Progress → Fix Released |
To post a comment you must log in.