Package: centerim
Severity: normal
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for centerim.

CVE-2008-1467[0]:
| CenterIM 4.22.3 and earlier allows remote attackers to execute
| arbitrary commands via shell metacharacters in a URI, related to
| "received URLs in the message window."

This only works if the user received a crafted URL, presses F2 to list them and presses enter on one of them. The victim of course sees the complete URL including the commands, so the danger of opening it should be very low.

Patch is on:
http://repo.or.cz/w/centerim.git?a=blobdiff_plain;f=src/icqconf.cc;fp=src/icqconf.cc;h=df74872f2e45b91e9865ee776413b11b6e16acd1;hp=192e17f609ae963574be946d94017c39545e17e6;hb=b28c6deaef58eb685a2d747b28b6a572122730d4;hpb=915b3a7ade7a9830236eb6675ef13a8bc32238ce

If you fix this vulnerability please also include the CVE id in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1467

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
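An added example, not part of the original report and not CenterIM's code or the linked patch: one way to pass a received URL to a shell-run opener command so that metacharacters in the URI reach the program as data. It assumes a command template with a `$url$` placeholder; that placeholder and all function names are hypothetical.

```cpp
// Added example, not CenterIM source; all names here are hypothetical.
#include <cstdio>
#include <string>

// Accept only http/https/ftp URLs that contain no control characters.
bool url_acceptable(const std::string& url) {
    bool ok = false;
    for (const char* s : {"http://", "https://", "ftp://"})
        if (url.rfind(s, 0) == 0) ok = true;
    for (unsigned char c : url)
        if (c < 0x20 || c == 0x7f) ok = false;
    return ok;
}

// POSIX single-quote escaping: inside '...' the shell takes every byte
// literally, so only the quote itself is rewritten (' becomes '\'').
std::string shell_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s)
        out += (c == '\'') ? "'\\''" : std::string(1, c);
    return out + "'";
}

// Substitute the quoted URL for the "$url$" placeholder (an assumed template
// syntax). Returns "" when the URL is rejected or the placeholder is missing.
std::string build_open_command(std::string tmpl, const std::string& url) {
    const std::string ph = "$url$";
    std::string::size_type pos = tmpl.find(ph);
    if (pos == std::string::npos || !url_acceptable(url)) return "";
    return tmpl.replace(pos, ph.size(), shell_quote(url));
}

// Run a command via /bin/sh (as system() would) and capture its stdout.
std::string run_capture(const std::string& cmd) {
    std::string out;
    char buf[256]; size_t n;
    FILE* p = popen(cmd.c_str(), "r");
    if (!p) return out;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) out.append(buf, n);
    pclose(p);
    return out;
}

int main() {
    // Constructed sample: a URL with characters the shell would act on.
    const std::string url = "http://example.invalid/?a=1&b=2;echo 'x'";
    const std::string cmd = build_open_command("printf %s $url$", url);
    std::printf("%s\n%s\n", cmd.c_str(), run_capture(cmd).c_str());
}
```

The template must not put its own quotes around `$url$`. Where the opener can be started with `execvp` and an argument vector, no shell is involved and no quoting is needed.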