On Fri, Jan 4, 2019 at 3:31 PM Salvatore Bonaccorso wrote:
> Did you got a chance to ping upstream on that issue and report it?
No, but you can if you like.
https://gitlab.gnome.org/World/AbiWord is the current source repo, but
you might need to still use bugzilla for reporting issues.
Thanks,
On Sun, May 27, 2018 at 10:54:06PM +0200, Gabriel Corona wrote:
> This seems correct with respect to injection through the URI:
> the URI string cannot be expanded into multiple arguments
> and is not passed to `system()`.
Agreed, this CVE seems like a non issue, the CVE entry at MITRE
also only r
Hi Jeremy,
On Mon, Mar 12, 2018 at 10:07:05PM +0100, Salvatore Bonaccorso wrote:
> Jeremy,
>
> On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> > On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso
> > wrote:
> > > Is abiword upstream still active?
> >
> > Yes.
> >
> > https:
Hi,
Are you sure this is vulnerable ? I did not manage to trigger anything
problematic.
The code referenced is (in fallback_open_uri):
gintargc;
gchar **argv = NULL;
char *cmd_line = g_strconcat (browser, " %1", NULL);
if (g_shell_parse_argv (cmd_line, &argc, &argv, err)) {
/* check fo
Jeremy,
On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso
> wrote:
> > Is abiword upstream still active?
>
> Yes.
>
> https://bugzilla.abisource.com/
>
> Here's a git mirror of their svn repo. The git mirror is sometimes a
>
On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso wrote:
> Is abiword upstream still active?
Yes.
https://bugzilla.abisource.com/
Here's a git mirror of their svn repo. The git mirror is sometimes a
bit out of date.
https://github.com/AbiWord/abiword/commits/trunk
Thanks,
Jeremy Bicha
Hi Jeremy,
On Sun, Mar 11, 2018 at 07:52:13AM -0400, Jeremy Bicha wrote:
> Control: reopen -1
> Control: tags -1 moreinfo
>
> On Thu, Dec 21, 2017 at 7:55 AM, Salvatore Bonaccorso
> wrote:
> > Source: abiword
> > Version: 3.0.2-5
> > Severity: normal
> > Tags: security upstream
> >
> > Hi,
> >
Control: reopen -1
Control: tags -1 moreinfo
On Thu, Dec 21, 2017 at 7:55 AM, Salvatore Bonaccorso wrote:
> Source: abiword
> Version: 3.0.2-5
> Severity: normal
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for abiword.
>
> CVE-2017-17529[0]:
> | af/util/xp/ut_g
Source: abiword
Version: 3.0.2-5
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for abiword.
CVE-2017-17529[0]:
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings
| before launching the program specified by the BROWSER environment
| v
9 matches
Mail list logo