Security update for xdg-utils
This update for xdg-utils fixes this security issues:
- CVE-2017-18266: The open_envvar function in xdg-open did not validate strings
launching the program specified by the BROWSER environment variable, which
might allowed remote attackers to conduct argument-injection attacks via a
crafted URL (bsc#1093086).
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1093086
VUL-0: CVE-2017-18266: xdg-utils: The open_envvar function in xdg-open does not validate strings before launching the program specified by the BROWSER environment variable
