1
60%
master: 60%

Ran 17 Aug 2017 08:57PM UTC

Files 130

Run time 9s

Badge

Embed ▾

Committed 17 Aug 2017 06:06PM UTC coverage: 35.488% (-0.03%) from 35.514%

Job # COMPILER=g++-4.9 GCOV=/usr/bin/gcov-4.9

Build Type

push

travis-ci

Committed by

Minoru

Commit Message

Sanitize inputs to bookmark-cmd (#591)

Newsbeuter didn't properly shell-escape the arguments passed to
bookmarking command, which allows a remote attacker to perform remote
code execution by crafting an RSS item whose title and/or URL contain
something interpretable by the shell (most notably subshell
invocations.)

This has been reported by Jeriko One <jeriko.one@gmx.us>, complete with
PoC and a patch.

This vulnerability was assigned CVE-2017-12904.

Run Details

4090 of 11525 relevant lines covered (35.49%)

95.72 hits per line

akrennmair / newsbeuter / 959 / 1
60%
master: 60%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.1 (COMPILER=g++-4.9 GCOV=/usr/bin/gcov-4.9)

akrennmair / newsbeuter / 959 / 1 60% master: 60%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.1 (COMPILER=g++-4.9 GCOV=/usr/bin/gcov-4.9)

akrennmair / newsbeuter / 959 / 1
60%
master: 60%

README BADGES
x