[ubuntu/xenial-updates] newsbeuter 2.9-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 7 14:28:07 UTC 2020


newsbeuter (2.9-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote code execution vulnerabilities
    - debian/patches/23-fix-RCE-on-bookmark.patch: Fix a RCE vulnerability on
      the bookmark command.
    - debian/patches/25-fix-RCE-in-podbeuter.patch: Work around shell code in
      podcast names.
    - CVE-2017-12904
    - CVE-2017-14500
  * SECURITY UPDATE: Other fixes
    - debian/patches/01-typos.patch: Fix a few typos
    - debian/patches/02-new-issue-tracker.patch: Change the docs to reference
      the new issue tracker.
    - debian/patches/04-cache-deletion-with-one-feed.patch: Fixes a bug that
      deleted the cache if there is one feed configured.
    - debian/patches/07-json-object-get.patch: Replace deprecated function
      calls.
    - debian/patches/08-feeds-marked-unread.patch: Fix a bug that marked posts
      unread.
    - debian/patches/09-config-parser-off-by-one.patch: Don't fail if 3
      arguments are passed to highlight.
    - debian/patches/10-a2x-warnings.patch: Fix a2x warning when generating
      the manpages.
    - debian/patches/11-query-feed-tokenization.patch: Fix age filter for
      query feeds not being parsed properly.
    - debian/patches/12-highlight-article-priority.patch: Fix highlight-article
      not working with unread items.
    - debian/patches/13-dont-include-compilation-time.patch: Using __DATE__ or
      __TIME__ breaks reproducible builds.
    - debian/patches/14-handle-urls-files-lacking-eol.patch: Properly handle
      urls files that lack the EOL character at the end.
    - debian/patches/15-dont-skip-ignored.patch: Fix a bug that skipped items
      while checking against ignore rules.
    - debian/patches/16-fix-invalid-pointers.patch: Fix a use after free in the
      rss parser.
    - debian/patches/17-dont-ignore-self-closing-tags.patch: Don't ignore self
      closing HTML break elements.
    - debian/patches/18-ssl-verify.patch: Add a config option to control SSL
      verification.
    - debian/patches/19-clean-doc.patch: Clean the docs before compiling.
    - debian/patches/20-prevent-http-header-reset.patch: Fix authentication
      issues when using external APIs.
    - debian/patches/21-parse-h5-h6-html-headers.patch: Fix h5 and h6 html
      headers not being handled.
    - debian/patches/22-use-pkg-config-to-search-for-ncursesw.patch: Use
      pkg-config to search for ncursesw.
    - debian/patches/24-link-binaries-order.patch: Link binaries in the same
      order to avoid random reproducability failures.
    - debian/patches/101-macro-example.patch: Fix a mistake in an example
      macro.
    - debian/patches/102-color-config-example.patch: Use the actual color
      commands in the docs to improve readablility.
    - debian/patches/201-german-l10n-revision.patch: Revised german
      translation.

Date: 2020-10-05 19:48:21.251049+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list