-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Package : xdg-utils Version : 1.1.0~rc1+git20111210-6+deb7u4 CVE ID : CVE-2017-18266 Debian Bug : 898317 It was found that the open_envvar function in xdg-utils does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.0~rc1+git20111210-6+deb7u4. We recommend that you upgrade your xdg-utils packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlsH4SsACgkQhj1N8u2c KO99mA/9FdvP2h0WoVXzn4KlBdvmPOhF8GF3UCi4Sh9VVGD+Qgv8721W5e+sjnqV j9fMdfF2w+KR236UCQdTcUz3adnAjkOINu4zjvwGI8zLSeu6Yi6VoNgJ4usZke52 HGAE9bu8v9HuJLl8/lhal0ZfCIPU5sigSn6LELZBNHlAzqs7nzSbY9Ch19yxlMLz XxpZWlNUzL6lpm7IUbxYqYDHkccH76ek4t+SlBwHSETTQEVIFRr7dMq8T4Xwl7z2 3KGyPxIfXrpi512HxdrK4epDojKLXD2/1oR9aFtSlZ4Ys2B1warjmcdf63KKcV4P 0IbY3Oq/DkG0R6eOfdJA2Yib05MBFJsjJr9kLOCFAv+3WgHZ0TzV2biQdFbeeLDi uWEOOtszeYxdPmp6kG/1OfOS3A+YnvH/k3cV/pWF7gAYinM0dSKiELYcWAHj1tIK f1yfgas8bccCTpmCNi1ssqs4PyklfDCHRlZeLmk+ZrWXG72MxHSDPSbcSqe+7+X8 tSueH8tdOam2tKCrmrR8LJwouOhHUthmGScFOKoMEHWqafn9IxI/6ml9KfvebUDK iiQB6L0dyJVKLzzM+aO4EiQrh0rLiDRUzMlY4RrySpgfms3lgCEIv4M8d/bbGfeU vqd7xFULZ+KJohGvctuwYbBv+2EJsISE7UbdkeIyQTIwFn3UiTY= =73w9 -----END PGP SIGNATURE-----
