Package: cbrpager
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,

cbrpager is affected by a command execution flaw via malicious file names in a similar way as comix was affected (0).

A CVE id for this issue has been requested.

For more information see the Red Hat bug report (1).

The upstream patch can be found here (2).

Cheers
Steffen

(0): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
(1): https://bugzilla.redhat.com/show_bug.cgi?id=448285
(2): http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2
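
The class of fix named in the report (shell escaping of file names), as an added example that is neither cbrpager's code nor the upstream patch. It assumes the program builds a `/bin/sh` command string that contains the archive file name; `shell_quote`, `build_command` and the tool name `archive-tool list` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a malloc'd copy of name wrapped in single quotes for /bin/sh.
 * Inside single quotes the shell treats every byte literally, so the only
 * character needing care is ' itself, emitted as '\'' (close the quote,
 * add an escaped quote, reopen). Returns NULL on allocation failure. */
char *shell_quote(const char *name)
{
    size_t len = 2;                          /* opening and closing quote */
    for (const char *p = name; *p; p++)
        len += (*p == '\'') ? 4 : 1;
    char *out = malloc(len + 1);
    if (!out)
        return NULL;
    char *w = out;
    *w++ = '\'';
    for (const char *p = name; *p; p++) {
        if (*p == '\'') {
            memcpy(w, "'\\''", 4);
            w += 4;
        } else {
            *w++ = *p;
        }
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Build "<tool> <quoted file>". tool is a fixed string chosen by the
 * program (hypothetical here); only file comes from outside. */
char *build_command(const char *tool, const char *file)
{
    char *q = shell_quote(file);
    if (!q)
        return NULL;
    size_t n = strlen(tool) + 1 + strlen(q) + 1;
    char *cmd = malloc(n);
    if (cmd)
        snprintf(cmd, n, "%s %s", tool, q);
    free(q);
    return cmd;
}

int main(void)
{
    /* Constructed file name containing shell metacharacters. */
    char *cmd = build_command("archive-tool list", "vol 1 $(id)'`x`.cbr");
    if (!cmd)
        return 1;
    puts(cmd);
    free(cmd);
    return 0;
}
```

Passing the file name as a separate argument to `execvp()` instead of going through a shell removes the need for quoting altogether.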