Package: xfce4-terminal
Version: 0.2.5.6rc1-2
Severity: grave
Tags: security, patch
CVE-2007-3770 says:

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.

Upstream link: http://bugzilla.xfce.org/show_bug.cgi?id=3383

The attached patch fixes this: the code changes add shell quoting, using g_shell_quote(), and the *.desktop.in files are modified to avoid over-quoting (without this, we'd get "'foo'" instead of 'foo').

-- 
Darren Salt
01_CVE-2007-3770.patch
Description: Binary data
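As an added illustration, not part of the bug report or the attached patch, the following Python models the two points the report makes: substituting a link into a shell command line without quoting, and the over-quoting that results when the Exec template already wraps the argument in double quotes. shlex.quote stands in for g_shell_quote(), and the link, the Exec templates and the function names are constructed for the example; nothing is executed, the tokens are only inspected.

```python
import shlex
from typing import List

# Constructed sample link (not from the report): the query string carries ';',
# which a POSIX shell treats as a command separator when it is unquoted.
CRAFTED_LINK = "http://example.invalid/page?id=1;id"


def shell_words(cmdline: str) -> List[str]:
    """Tokenise a command line roughly as a POSIX shell would, treating
    ';', '&', '|' etc. as separate operator tokens. Used only to show what
    the shell would see; the command line is never run."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def build_unquoted(exec_template: str, link: str) -> str:
    """Vulnerable pattern: splice the link verbatim into the Exec template."""
    return exec_template.replace("%s", link)


def build_quoted(exec_template: str, link: str) -> str:
    """Fixed pattern: shell-quote the link first. shlex.quote plays the role
    of g_shell_quote() here (both single-quote the argument; they differ
    only in how an embedded single quote is escaped)."""
    return exec_template.replace("%s", shlex.quote(link))


def shell_view(exec_template: str, link: str, quote: bool) -> List[str]:
    """Return the argv a shell would derive from the assembled command line."""
    cmd = build_quoted(exec_template, link) if quote else build_unquoted(exec_template, link)
    return shell_words(cmd)


if __name__ == "__main__":
    # Unquoted: the link is split at ';' and 'id' becomes a second command.
    print(shell_view("exo-open %s", CRAFTED_LINK, quote=False))
    # Quoted, with an Exec line of the form 'exo-open %s': one argument, intact.
    print(shell_view("exo-open %s", CRAFTED_LINK, quote=True))
    # Quoted, but the Exec line still reads 'exo-open "%s"': the argument now
    # carries literal single quotes, the "'foo'" instead of 'foo' the report describes.
    print(shell_view('exo-open "%s"', CRAFTED_LINK, quote=True))
```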