[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1
From: |
FlashCode |
Subject: |
[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1 |
Date: |
Sun, 18 Nov 2012 14:18:12 +0100 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Hi all,
A security vulnerability has been fixed in WeeChat 0.3.9.2.
This problem affects all versions from 0.3.0 to 0.3.9.1.
Untrusted command for function hook_process could lead to execution of
commands, because of shell expansions.
This problem is only caused by some scripts calling function
hook_process (giving untrusted command), but the problem has been
fixed in WeeChat, for maximum safety: WeeChat will not use the shell
any more to execute command.
If you are not using any script calling function hook_process, you are
not concerned by this problem.
For more info, visit the WeeChat security page:
http://weechat.org/security/
--
Cordialement / Best regards
Sébastien.
web: flashtux.org / weechat.org mail: address@hidden
irc: FlashCode @ irc.freenode.net xmpp: address@hidden
signature.asc
Description: Digital signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1,
FlashCode <=