[Pkg-pascal-devel] pasdoc CVE-2017-17527

Paul Gevers elbrus at debian.org
Fri Dec 15 08:02:35 UTC 2017

Hi Michalis,

I assume someone already contacted you about CVE-2017-17527 right?

delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate
strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-pascal-devel/attachments/20171215/8d687c88/attachment.sig>

More information about the Pkg-pascal-devel mailing list