-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-12260 2010-08-07 22:45:50 --------------------------------------------------------------------------------
Name : uzbl Product : Fedora 13 Version : 0 Release : 0.16.20100626gitafc0f873e.fc13 URL : http://www.uzbl.org Summary : Lightweight WebKit browser following the UNIX philosophy Description : Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows the UNIX philosophy - "Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface." -------------------------------------------------------------------------------- Update Information: Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace "\...@selected_uri" with "$8" in any string that is executed as shell code (usually involves "sh 'commands_here'"). -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #621964 - CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI https://bugzilla.redhat.com/show_bug.cgi?id=621964 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update uzbl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
