[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: pkgsrc/devel/global
On Wed, Jan 10, 2018 at 09:51:57AM +0000, Thomas Klausner wrote:
> o gozilla: A critical vulnerability (CVE-2017-17531) was found in a unknown
> function of gozilla(1). It allows remote attackers to execute arbitrary
> code via a crafted URL. All gozilla(1) before GLOBAL-6.6.1 have the vulnerability.
> Now it is fixed.
> - What is the unknown function?
> Gozilla accepts a URL as an argument, and invokes a web browser with the URL.
> Though it is undocumented, it is implied in the online manual as follows:
Main Index |
Thread Index |