[yarssr] [CVE-2007-5837] missing input sanitising could result in execution of arbitrary shell commands

Bug #186572 reported by disabled.user
Affects          Status        Importance  Assigned to  Milestone
yarssr (Ubuntu)  Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: yarssr

References:
DSA-1477-1 (http://www.debian.org/security/2008/dsa-1477)

Quoting:
"Duncan Gilmore discovered that yarssr, an RSS aggregator and reader,
performs insufficient input sanitising, which could result in the
execution of arbitrary shell commands if a malformed feed is read."

Jamie Strandboge (jdstrand) wrote :

dapper: released (0.2.2-1ubuntu0.6.06)
edgy: released (0.2.2-1ubuntu0.6.10)
feisty: released (0.2.2-1ubuntu0.7.04)
gutsy: released (0.2.2-1ubuntu1.1)
hardy: not-affected

Changed in yarssr:
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
