[Pkg-pascal-devel] pasdoc CVE-2017-17527
Paul Gevers
elbrus at debian.org
Fri Dec 15 08:02:35 UTC 2017
Hi Michalis,
I assume someone already contacted you about CVE-2017-17527 right?
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate
strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.
https://security-tracker.debian.org/tracker/CVE-2017-17527
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-pascal-devel/attachments/20171215/8d687c88/attachment.sig>
More information about the Pkg-pascal-devel
mailing list