Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitising, which could result in the execution of arbitrary shell commands if a malformed feed is read. Due to a technical limitation of the archive management scripts, the fix for the old stable distribution (sarge) needs to be postponed by a few days. For the stable distribution (etch), this problem has been fixed in version 0.2.2-1etch1. We recommend that you upgrade your yarssr packages.
For the stable distribution (etch), this problem has been fixed in version 0.2.2-1etch4.
MD5 checksums of the listed files are available in the original advisory.