Quoting the upstream news advisory [1]: "The 2010.08.05 release comes with a patched config file. With shell code in hyperlinks on a page, one of the sample (uzbl-core) resp. default (uzbl-browser) button bindings (binding for mousebutton2) would execute this code. Note that just upgrading your uzbl is not enough. If you have an existing config, the change will not be automatically applied. So be sure you have this change in your config." And an associated bug report [2] exists as well. There is no patch noted in the bug report. This would affect all versions of Fedora. [1] http://www.uzbl.org/news.php?id=29 [2] http://www.uzbl.org/bugs/index.php?do=details&task_id=240
Created uzbl tracking bugs for this issue Affects: fedora-all [bug 621965]
This was assigned CVE-2010-2809.