Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. Upstream bug: https://github.com/akrennmair/newsbeuter/issues/591 Upstream patch: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 References: https://groups.google.com/d/topic/newsbeuter/iFqSE7Vz-DE https://www.debian.org/security/2017/dsa-3947
Created newsbeuter tracking bugs for this issue: Affects: fedora-all [bug 1484519]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.