pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/devel/global

On Wed, Jan 10, 2018 at 09:51:57AM +0000, Thomas Klausner wrote:
> o gozilla: A critical vulnerability (CVE-2017-17531) was found in a unknown
>   function of gozilla(1). It allows remote attackers to execute arbitrary
>   code via a crafted URL. All gozilla(1) before GLOBAL-6.6.1 have the vulnerability.
>   Now it is fixed.
> - What is the unknown function?
> Gozilla accepts a URL as an argument, and invokes a web browser with the URL.
> Though it is undocumented, it is implied in the online manual as follows:

pullup please

Home | Main Index | Thread Index | Old Index