Fedora Account System
Red Hat Associate
Red Hat Customer
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. Upstream issue: https://github.com/akrennmair/newsbeuter/issues/598 Upstream patch: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333 References: http://openwall.com/lists/oss-security/2017/09/16/1
Created newsbeuter tracking bugs for this issue: Affects: fedora-all [bug 1484519]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.