Re: CVS commit: pkgsrc/devel/global

To: Thomas Klausner <wiz%netbsd.org@localhost>
Subject: Re: CVS commit: pkgsrc/devel/global
From: maya%netbsd.org@localhost
Date: Thu, 11 Jan 2018 11:59:47 +0000

On Wed, Jan 10, 2018 at 09:51:57AM +0000, Thomas Klausner wrote:
> o gozilla: A critical vulnerability (CVE-2017-17531) was found in a unknown
>   function of gozilla(1). It allows remote attackers to execute arbitrary
>   code via a crafted URL. All gozilla(1) before GLOBAL-6.6.1 have the vulnerability.
>   Now it is fixed.
> 
> - What is the unknown function?
> Gozilla accepts a URL as an argument, and invokes a web browser with the URL.
> Though it is undocumented, it is implied in the online manual as follows:
> 

pullup please

References:
- CVS commit: pkgsrc/devel/global
  - From: Thomas Klausner

Prev by Date: CVS commit: pkgsrc/sysutils/kfilemetadata
Next by Date: CVS commit: pkgsrc/ham/fldigi
Previous by Thread: CVS commit: pkgsrc/devel/global
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index