Accepted:
OK: xfce4-terminal_0.2.5.4.orig.tar.gz
OK: xfce4-terminal_0.2.5.4-0ubuntu2.1.diff.gz
OK: xfce4-terminal_0.2.5.4-0ubuntu2.1.dsc
-> Component: main Section: x11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 12 Aug 2007 19:38:56 +0200
Source: xfce4-terminal
Binary: xfce4-terminal
Architecture: source
Version: 0.2.5.4-0ubuntu2.1
Distribution: edgy-security
Urgency: low
Maintainer: Debian Xfce Maintainers <[EMAIL PROTECTED]>
Changed-By: Lionel Le Folgoc <[EMAIL PROTECTED]>
Description:
xfce4-terminal - Xfce terminal emulator
Changes:
xfce4-terminal (0.2.5.4-0ubuntu2.1) edgy-security; urgency=low
.
* SECURITY: URL handling allows remote shell command execution.
* debian/patches/01_CVE-2007-3770.patch: patch from Darren Salt to properly
escape the uri before running the command and fix desktop files to avoid
over-quoting.
* References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3770
http://bugzilla.xfce.org/show_bug.cgi?id=3383
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437454
Files:
5556541b5e806d77a068018609d97674 967 x11 optional
xfce4-terminal_0.2.5.4-0ubuntu2.1.dsc
6759a5320fc94d1c95d2fd68dbbf974d 7764 x11 optional
xfce4-terminal_0.2.5.4-0ubuntu2.1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGwJlTH/9LqRcGPm0RAsREAKCWUSnYQhhkZ5z3CMhmOIXMJ84vkgCgka6m
VD+hoxmsIimTCJZwvUbw75Y=
=AmCp
-----END PGP SIGNATURE-----
--
edgy-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/edgy-changes
