[Frugalware-git] homepage-ng: FSA264-terminal

Thu, 06 Sep 2007 12:22:22 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=892cd34df0865cfe3e2f2bcc473126e1789a2126

commit 892cd34df0865cfe3e2f2bcc473126e1789a2126
Author: voroskoi <[EMAIL PROTECTED]>
Date:   Thu Sep 6 21:17:44 2007 +0200

FSA264-terminal

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 46d71a7..b4e28f8 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,18 @@

<fsas>
<fsa>
+               <id>264</id>
+               <date>2007-09-06</date>
+               <author>voroskoi</author>
+               <package>terminal</package>
+               <vulnerable>0.2.6-1</vulnerable>
+               <unaffected>0.2.6-2terminus1</unaffected>
+               <bts>http://bugs.frugalware.org/task/2256</bts>
+               
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3770</cve>
+               <desc>Lasse Karkkainen has reported a security issue in Xfce 
Terminal, which can be exploited by malicious people to inject shell commands.
+                       The "terminal_helper_execute()" function in 
terminal/terminal.c uses "/bin/sh -c" to spawn the browser process. This can be 
used to disclose sensitive information or execute shell commands by e.g. 
tricking a user into opening a malicious link using the "Open Link" 
functionality.</desc>
+       </fsa>
+       <fsa>
<id>263</id>
<date>2007-09-06</date>
<author>voroskoi</author>
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to