Updated liferea packages fix security vulnerability
Publication date: 18 Mar 2023Modification date: 18 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-1350
Description
Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. (CVE-2023-1350)
References
SRPMS
8/core
- liferea-1.12.10-1.1.mga8