Improper hypertext validation might allow remote attackers to execute arbitrary code.
|Package||x11-terms/evilvte on all architectures|
|Affected versions||<= 0.5.1|
VTE based, highly customizable terminal emulator
Steve Kemp of Debian identified a flaw in evilvte which does not properly validate hypertext links. Please review the Debian bug report referenced below.
Remote attackers could execute arbitrary code by enticing a user to click a hyperlink in their terminal.
There is no known workaround at this time.
Gentoo Security recommends that users unmerge evilvte:
# emerge --unmerge "x11-terms/evilvte"
August 21, 2017
August 26, 2017: 2