| Errata ID | 280 |
|---|---|
| Date | 2018-01-31 |
| Source package | sensible-utils |
| Fixed in version | 0.0.9+deb8u1 |
| Description | This update addresses the following issue: * sensible-browser does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. (CVE-2017-17512) |
| Additional notes | |
| CVE ID | CVE-2017-17512 |
| UCS Bug number | #46160 |
