[SECURITY] [DLA 217-1] xdg-utils security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 217-1] xdg-utils security update
From: Mike Gabriel <sunweaver@debian.org>
Date: Fri, 1 May 2015 11:32:20 +0200
Message-id: <[🔎] 20150501093219.GA739@minobo.das-netzwerkteam.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

The two below CVE issues have recently been fixed in Debian squeeze-lts:

CVE-2014-9622

     John Houwer discovered a way to cause xdg-open, a tool that automatically
     opens URLs in a user's preferred application, to execute arbitrary
     commands remotely.

CVE-2015-1877

     Jiri Horner discovered a way to cause xdg-open, a tool that automatically
     opens URLs in a user's preferred application, to execute arbitrary
     commands remotely.

     This problem only affects /bin/sh implementations that don't sanitize
     local variables. Dash, which is the default /bin/sh in Debian is
     affected. Bash as /bin/sh is known to be unaffected.

-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: Digital signature

Reply to:

Next by Date: [SECURITY] [DLA 218-1] xorg-server security update
Next by thread: [SECURITY] [DLA 218-1] xorg-server security update
Index(es):
- Date
- Thread