diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-03-13 16:55:35 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-03-13 16:55:35 +0000 |
commit | 1dde4e5c4b92d849bf1abf0a48135b2a0644f7e1 (patch) | |
tree | c99a472cce74148d499f42ada873454b0e32a42d /metadata/glsa/glsa-201803-04.xml | |
parent | da6a52f691ef980bab92d003d5df8f463c623af8 (diff) |
gentoo resync : 13.03.2018
Diffstat (limited to 'metadata/glsa/glsa-201803-04.xml')
-rw-r--r-- | metadata/glsa/glsa-201803-04.xml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml new file mode 100644 index 000000000000..fbb8dc4ac337 --- /dev/null +++ b/metadata/glsa/glsa-201803-04.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201803-04"> + <title>Newsbeuter: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute + arbitrary shell commands. + </synopsis> + <product type="ebuild">newsbeuter</product> + <announced>2018-03-11</announced> + <revised count="1">2018-03-11</revised> + <bug>631150</bug> + <access>remote</access> + <affected> + <package name="net-news/newsbeuter" auto="yes" arch="*"> + <vulnerable range="le">2.9-r3</vulnerable> + </package> + </affected> + <background> + <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p> + + </background> + <description> + <p>Newsbeuter does not properly escape shell meta-characters in an RSS item + with a media enclosure in the podcast playback function of Podbeuter. + </p> + </description> + <impact type="normal"> + <p>A remote attacker, by enticing a user to open a feed with a specially + crafted media enclosure, could possibly execute arbitrary shell commands + with the privileges of the user running the application. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>Gentoo has discontinued support for Newsbeuter and recommends that users + unmerge the package: + </p> + + <code> + # emerge --unmerge "net-news/newsbeuter" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri> + </references> + <metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata> +</glsa> |