[yarssr] [CVE-2007-5837] missing input sanitising could result in execution of arbitrary shell commands
Bug #186572 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
yarssr (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: yarssr
References:
DSA-1477-1 (http://
Quoting:
"Duncan Gilmore discovered that yarssr, an RSS aggregator and reader,
performs insufficient input sanitising, which could result in the
execution of arbitrary shell commands if a malformed feed is read."
CVE References
dapper: released (0.2.2-1ubuntu0.6.06)
edgy: released (0.2.2-1ubuntu0.6.10)
feisty: released (0.2.2-1ubuntu0.7.04)
gutsy: released (0.2.2-1ubuntu1.1)
hardy: not-affected