Explore top 10 tips to secure your open-source projects now. Read More
×
It was found that the open_envvar function in xdg-utils does not
validate strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0~rc1+git20111210-6+deb7u4.
We recommend that you upgrade your xdg-utils packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Get the latest Linux and open source security news straight to your inbox.