MGASA-2023-0103

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0103.html

Import Source

https://advisories.mageia.org/MGASA-2023-0103.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0103

Related

CVE-2023-1350

Published

2023-03-18T22:16:28Z

Modified

2023-03-18T21:09:28Z

Summary

Updated liferea packages fix security vulnerability

Details

Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. (CVE-2023-1350)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / liferea

Package

Name: liferea
Purl: pkg:rpm/mageia/liferea?arch=source&distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.10-1.1.mga8

Ecosystem specific

{
    "section": "core"
}