[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1


From: FlashCode
Subject: [Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1
Date: Sun, 18 Nov 2012 14:18:12 +0100
User-agent: Mutt/1.5.20 (2009-06-14)

Hi all,

A security vulnerability has been fixed in WeeChat 0.3.9.2.
This problem affects all versions from 0.3.0 to 0.3.9.1.

Untrusted command for function hook_process could lead to execution of
commands, because of shell expansions.

This problem is only caused by some scripts calling function
hook_process (giving untrusted command), but the problem has been
fixed in WeeChat, for maximum safety: WeeChat will not use the shell
any more to execute commands.

If you are not using any script calling function hook_process, you are
not concerned by this problem.

For more info, visit the WeeChat security page:
http://weechat.org/security/

-- 
Cordialement / Best regards
Sébastien.

web: flashtux.org / weechat.org      mail: address@hidden
irc: FlashCode @ irc.freenode.net    xmpp: address@hidden

Attachment: signature.asc
Description: Digital signature
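
The difference the advisory describes, shown as an added example that is not part of the original message and is not WeeChat code: Python's subprocess module stands in for "run through the shell" versus "run without the shell". The function names and the sample value are assumptions made for illustration, and the WeeChat API itself is not called.

```python
import shlex
import subprocess

# Constructed sample: a value a script might receive from an untrusted source
# and paste into the command string it hands to a process hook.
UNTRUSTED = "http://example.invalid/$(echo EXPANDED)"


def run_via_shell(value):
    """Behaviour described for 0.3.0 to 0.3.9.1: the command string goes to
    /bin/sh, so $(...) inside the untrusted value is expanded and executed."""
    proc = subprocess.run("echo " + value, shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def run_via_shell_quoted(value):
    """Script-side mitigation while a shell is still involved: quote the
    untrusted value so the shell treats it as one literal word."""
    proc = subprocess.run("echo " + shlex.quote(value), shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def run_without_shell(command):
    """Behaviour described for 0.3.9.2: no shell at all. The command string
    is split into an argument vector and executed directly, so shell syntax
    in it is passed through as plain text. (Splitting with shlex is this
    example's choice, not a statement about WeeChat's implementation.)"""
    argv = shlex.split(command)
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    print("shell:          ", run_via_shell(UNTRUSTED))
    print("shell + quoting:", run_via_shell_quoted(UNTRUSTED))
    print("no shell:       ", run_without_shell("echo " + UNTRUSTED))
```

Without a shell the untrusted text can still be split on whitespace into several arguments, so a script should also check that the value has the form it expects before building the command.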

