Bug 621965
| Summary: | CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI [fedora-all] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> |
| Component: | uzbl | Assignee: | Ben Boeckel <fedora> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 13 | CC: | dueno, fedora |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | uzbl-0-0.16.20100626gitafc0f873e.fc14 | Doc Type: | Release Note |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-08-21 04:28:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 621964 | ||
|
Description
Vincent Danen
2010-08-06 16:09:56 UTC
I will update this when I get home if not already done by then. uzbl-0-0.16.20100626gitafc0f873e.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc13 uzbl-0-0.16.20100626gitafc0f873e.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc12 uzbl-0-0.16.20100626gitafc0f873e.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc14 Updates filed. @Vincent: Should I announce this on the ML so that uzbl users can update their configs (usually copies of the system one)? I'm unfamiliar with security bug processes and when they become public. uzbl-0-0.16.20100626gitafc0f873e.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update uzbl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc13 uzbl-0-0.16.20100626gitafc0f873e.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update uzbl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc12 (In reply to comment #5) > Updates filed. > > @Vincent: Should I announce this on the ML so that uzbl users can update their > configs (usually copies of the system one)? I'm unfamiliar with security bug > processes and when they become public. This should be ok. You made a note of it in the update, so when it hits the mailing list and is released, that information should be in the mailing list email as well. Once it goes through testing, it should be automatically announced, so you shouldn't have to do anything more than that. Thanks! I don't seem to be able to do it, but is there a way you can edit the text and/or links in these updates to point to the top-level bug and note the CVE name that was just assigned (CVE-2010-2809)? If you could do that, that would be fantastic (if not, don't worry about it... I seem to recall it being possible to do, but I don't see a way of being able to do it myself). Edited for F12, F13, and F14. uzbl-0-0.16.20100626gitafc0f873e.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update uzbl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc14 uzbl-0-0.16.20100626gitafc0f873e.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update uzbl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc12 uzbl-0-0.16.20100626gitafc0f873e.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update uzbl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/uzbl-0-0.16.20100626gitafc0f873e.fc13 uzbl-0-0.16.20100626gitafc0f873e.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. uzbl-0-0.16.20100626gitafc0f873e.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. uzbl-0-0.16.20100626gitafc0f873e.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |