Security
Security
A vulnerability has been discovered in Liferea, which can lead to remote code execution.
| Package | net-news/liferea on all architectures |
|---|---|
| Affected versions | < 1.12.10 |
| Unaffected versions | >= 1.12.10 |
Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser.
A vulnerability has been discovered in Liferea. Please review the CVE identifier referenced below for details.
A vulnerability was found in liferea. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source can lead to os command injection. The attack may be launched remotely.
There is no known workaround at this time.
All Liferea users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-news/liferea-1.12.10"
Release date
July 01, 2024
Latest revision
July 01, 2024: 1
Severity
normal
Exploitable
remote
Bugzilla entries