AVG-401

Package newsbeuter
Status Fixed
Severity High
Type arbitrary command execution
Affected 2.9-7
Fixed 2.9-8
Current Removed
Ticket None
Created Sat Sep 16 20:09:16 2017
Issue Severity Remote Type Description
CVE-2017-14500 High Yes Arbitrary command execution
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote...
CVE-2017-12904 High Yes Arbitrary command execution
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to...
Date Advisory Package Description
16 Sep 2017 ASA-201709-11 newsbeuter arbitrary command execution
Notes
2.9-7 did not properly apply the patch file for CVE-2017-12904