[Secure-testing-team] Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature
Giuseppe Iuculano
iuculano at debian.org
Wed Aug 25 07:21:22 UTC 2010
Package: uzbl
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uzbl.
CVE-2010-2809[0]:
| The default configuration of the <Button2> binding in Uzbl before
| 2010.08.05 does not properly use the @SELECTED_URI feature, which
| allows user-assisted remote attackers to execute arbitrary commands
| via a crafted HREF attribute of an A element in an HTML document.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2809
http://security-tracker.debian.org/tracker/CVE-2010-2809
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx0xHAACgkQNxpp46476aqC0QCgkuktJJZdbPH34bU2eD9I4CRi
ai8An25seVAEQUkJk6iX5SJG21XSPjNP
=SpKj
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list