Uploaded slrn 0.9.6.2-6 (m68k) to erlangen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.6
Date: Wed, 9 Feb 2000 15:51:33 -0800
Source: slrn
Binary: slrn slrnpull
Architecture: m68k
Version: 0.9.6.2-6
Distribution: frozen unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon <buildd@kullervo.informatik.uni-erlangen.de>
Description:
slrn - threaded news reader (fast for slow links)
slrnpull - pulls a small newsfeed from an NNTP server
Closes: 57616
Changes:
slrn (0.9.6.2-6) frozen unstable; urgency=low
.
* Fixed 2 sprintf calls in launch_url that get untrusted text passed
into them, and so could be used for exploits in theory.
* Also fixed a quoting bug that let attackers run arbitrary commands by
embedding them in URLs. (This is not entirely fixed, but you are safe if
you use the suggested quoting in the slrn man page. It should really use
exec..)
* Luckily, there are 2 barriers for either of these security holes to be
exploited: first, the user is presented with the url before the browser
is launched (though an attacker could simply pad the front of the url with
something innocuous and hope the victim didn't scroll all the way to the
end of it). Second, you have to have non_Xbrowser or Xbrowser set in your
.slrnrc, and they are not set by default. Still, this needs to go into
frozen. Closes: #57616
* The bug reporter is right, slrn needs a thorough audit. :-(
Files:
0a7c4a678f954236b2ca28ebbf99446e 181250 news optional slrn_0.9.6.2-6_m68k.deb
c6ed6f2ae0310c75e816180cf390fe7f 65238 news optional slrnpull_0.9.6.2-6_m68k.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (SunOS)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>
iEYEARECAAYFAjin15UACgkQcS3JWD3FdvcG7wCeO7ZTYM4XZpa7ndrVEOG553Kk
g/8An1EsuRRb/pWwhYrnPOUvmjx2f7JU
=hyfQ
-----END PGP SIGNATURE-----
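Added illustration, not code from slrn or the Debian package: the changelog above describes a browser-launch command built by substituting an untrusted URL into a user-configured template and handing the result to the shell, which is what lets a quote in the URL end the quoted region and run arbitrary commands. The program below reproduces that pattern harmlessly (the "injected" command is just `exit 42`) and contrasts it with the exec-based approach the changelog says should be used: split the template into an argv, substitute the URL into its own argument, and execvp without /bin/sh. The template strings, the hostile URL and all function names are constructed for this example.

```c
/* Added example (not slrn's code): URL substituted into a shell command vs.
 * URL passed as one argv element. The hostile URL below is constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_ARGS 16

/* Substitute url for the first "%s" in template (copy unchanged if none).
 * Returns the result length, or -1 if it does not fit in out[]. */
int substitute_url(const char *template, const char *url, char *out, size_t n)
{
    const char *p = strstr(template, "%s");
    size_t pre = p ? (size_t)(p - template) : strlen(template);
    const char *rest = p ? p + 2 : template + pre;
    size_t ul = p ? strlen(url) : 0, post = strlen(rest);
    if (pre + ul + post + 1 > n) return -1;
    memcpy(out, template, pre);
    if (p) memcpy(out + pre, url, ul);
    memcpy(out + pre + ul, rest, post + 1);
    return (int)(pre + ul + post);
}

/* Does the URL contain a single quote, i.e. can it break out of a
 * template such as  browser '%s'  (the quoting style the changelog says
 * makes you safe)? Shown here as a check, not as slrn's own code. */
int url_breaks_single_quotes(const char *url)
{
    return strchr(url, '\'') != NULL;
}

/* VULNERABLE pattern, modelled on the bug described in the changelog: the
 * expanded template is passed to system(), i.e. /bin/sh -c, so shell syntax
 * inside the URL is executed. Returns the shell's exit status. */
int launch_via_shell(const char *template, const char *url)
{
    char cmd[4096];
    if (substitute_url(template, url, cmd, sizeof cmd) < 0) return -1;
    int r = system(cmd);
    if (r == -1 || !WIFEXITED(r)) return -1;
    return WEXITSTATUS(r);
}

/* SAFE pattern: split the template on spaces first, then substitute the URL
 * into the token(s) holding "%s". The URL is never re-parsed, so spaces,
 * quotes and semicolons in it stay inside one argument. */
int build_argv(const char *template, const char *url, char *argv[],
               int max_args, char *buf, size_t bufn)
{
    int argc = 0;
    size_t used = 0;
    const char *t = template;
    while (*t) {
        while (*t == ' ') t++;
        if (!*t) break;
        const char *end = t;
        while (*end && *end != ' ') end++;
        char tok[256];
        size_t len = (size_t)(end - t);
        if (len >= sizeof tok || argc >= max_args) return -1;
        memcpy(tok, t, len);
        tok[len] = '\0';
        int w = substitute_url(tok, url, buf + used, bufn - used);
        if (w < 0) return -1;
        argv[argc++] = buf + used;
        used += (size_t)w + 1;
        t = end;
    }
    argv[argc] = NULL;
    return argc;
}

/* fork + execvp, no shell involved. Returns the child's exit status or -1. */
int launch_without_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed hostile URL: the quote closes '%s' and "exit 42" runs. */
    const char *url = "http://example.com/'; exit 42; '";
    printf("breaks single quotes: %d\n", url_breaks_single_quotes(url));
    printf("shell path exit status: %d\n", launch_via_shell("true '%s'", url));
    char *argv[MAX_ARGS + 1];
    char buf[4096];
    if (build_argv("true %s", url, argv, MAX_ARGS, buf, sizeof buf) < 0) return 1;
    printf("argv path exit status: %d\n", launch_without_shell(argv));
    return 0;
}
```

The shell path exits 42 because the injected `exit 42` ran; the argv path exits 0 because `true` simply received the whole URL, quotes and all, as argv[1]. The same argv approach keeps a user-configurable browser template (the %s convention the changelog refers to) without ever letting the URL reach a shell parser.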