Fabre

#1059296 hamster-time-tracker: CVE-2023-36250 #1059296

Package:: src:hamster-time-tracker

Source:: src:hamster-time-tracker

Submitter:: Moritz Mühlenhoff

Date:: 2023-12-22 20:09:33 UTC

Severity:: normal

Tags:

#1059296#5

Date:: 2023-12-22 12:44:33 UTC

From:

To:

Hi,

The following vulnerability was published for hamster-time-tracker.

CVE-2023-36250[0]:
| CSV Injection vulnerability in GNOME time tracker version 3.0.2,
| allows local attackers to execute arbitrary code via crafted .tsv
| file when creating a new record.

https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
sounds a little bogus, I don't see how this crosses any security boundary?

Still best to clarify with upstream, though.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36250
https://www.cve.org/CVERecord?id=CVE-2023-36250

Please adjust the affected versions in the BTS as needed.

#1059296 hamster-time-tracker: CVE-2023-36250 #1059296

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)