Launchpad CVE tracker

CVE 2007-5837

GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.

Related bugs and status

CVE-2007-5837 (Candidate) is related to these bugs:

Bug #162351: CVE-2007-5837: Code injection through badly formatted URL

		In	Importance	Status
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu Dapper)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu Edgy)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu Gutsy)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu Hardy)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Ubuntu Feisty)	High	Fix Released
162351	CVE-2007-5837: Code injection through badly formatted URL	yarssr (Debian)	Unknown	Fix Released

Bug #186572: [yarssr] [CVE-2007-5837] missing input sanitising could result in execution of arbitrary shell commands

Summary				In	Importance	Status
	186572	[yarssr] [CVE-2007-5837] missing input sanitising could result in execution of arbitrary shell commands		yarssr (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5837

References