CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

References

Affected packages

Debian:11 / kildclient

Package

Name: kildclient
Purl: pkg:deb/debian/kildclient?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kildclient

Package

Name: kildclient
Purl: pkg:deb/debian/kildclient?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kildclient

Package

Name: kildclient
Purl: pkg:deb/debian/kildclient?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}