-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : newsbeuter Version : 2.5-2+deb7u2 CVE ID : CVE-2017-12904
Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine. For Debian 7 "Wheezy", these problems have been fixed in version 2.5-2+deb7u2. We recommend that you upgrade your newsbeuter packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJZmHenXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHUxgQAL7Y7szZyxTjPSBJeZmUsyvi zlixzj4356WBh8K2uC8AAsFLwk3Py2TTTMjW8VOg98p3s45Jsf0LVI55k1JBmgkR mpYm3EFbie5QiU8ehkk74o8HEqLhF4fhU/aZfMFBKe+0mO7jJn/34rvicNazH/d0 OHR1PBfYwFhCwABuGRNiWTHp86Jgigzump+ZwAwaQvCUA0YGvadj6i7lJH/4kLz2 i8R1NIwQcCUQt543Ctg9aRbfGd57tcxiFYWhB0RGRcVnhn9lS3cFET3PasHswUX5 nr9tdiGtdwAHdlHDvsGYu50lfflBYnepmfbskR/Tl4RjmE0P7p08XImyfUehItr8 fMm6jes5eQzBxmd/ybcOam8HHgsodnHO27phshmfcGCIEqQG0mjoOPJb6bKptYEz kwbl96IalfYSIdXsIzJ6U46OnBpEoPVMdmNy9nzOY2ayndvERt3LIjrs4N0GV/aS MMEghrhw9N7yooZq2+SKF0VK5mWZVdw/pYltoaH7ebAqFRou8fxK3wBN+p94q/x/ wx9t2qQKlqF/M5L6lUp2LekSi6chfjijExXDUDZ6I5QZU1l2h7UBFIenJJ6lIBu3 aoFWQCPpLXTX4ENzTzLecBEs3wuhkJlCCznHXQ0hkSfbrTcOogwAzKv1OP465pQ9 qv/M6QHeKVtg/P8bX57y =gyrZ -----END PGP SIGNATURE-----
