[Secure-testing-team] Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature

Giuseppe Iuculano iuculano at debian.org
Wed Aug 25 07:21:22 UTC 2010


Package: uzbl
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uzbl.

CVE-2010-2809[0]:
| The default configuration of the <Button2> binding in Uzbl before
| 2010.08.05 does not properly use the @SELECTED_URI feature, which
| allows user-assisted remote attackers to execute arbitrary commands
| via a crafted HREF attribute of an A element in an HTML document.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2809
    http://security-tracker.debian.org/tracker/CVE-2010-2809

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkx0xHAACgkQNxpp46476aqC0QCgkuktJJZdbPH34bU2eD9I4CRi
ai8An25seVAEQUkJk6iX5SJG21XSPjNP
=SpKj
-----END PGP SIGNATURE-----





More information about the Secure-testing-team mailing list