[Portland-bugs] [Bug 89129] New: another command injection vulnerability

Thu Feb 12 22:24:03 PST 2015

https://bugs.freedesktop.org/show_bug.cgi?id=89129

            Bug ID: 89129
           Summary: another command injection vulnerability
           Product: Portland
           Version: 1.1.0 rc1
          Hardware: All
               URL: https://bugs.debian.org/777722
                OS: Linux (All)
            Status: NEW
          Severity: critical
          Priority: high
         Component: xdg-utils
          Assignee: portland-bugs at lists.freedesktop.org
          Reporter: michael.s.gilbert at gmail.com

A Debian user reported a different command injection issue recently, and
proposed a patch too:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=xdg-open.diff;att=1;bug=777722

Seems to do with local variable usage that isn't really local.  For more
detail, see:
https://bugs.debian.org/777722

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/portland-bugs/attachments/20150213/4c6b46d5/attachment.html>