8
60%
master: 60%

Ran 17 Aug 2017 09:42PM UTC

Files 130

Run time 13s

Badge

Embed ▾

Committed 17 Aug 2017 06:06PM UTC coverage: 36.085% (-0.03%) from 36.11%

Job # COMPILER=clang++ GCOV=/usr/bin/gcov XML_CATALOG_FILES=/usr/local/etc/xml/catalog

Build Type

push

travis-ci

Committed by

Minoru

Commit Message

Sanitize inputs to bookmark-cmd (#591)

Newsbeuter didn't properly shell-escape the arguments passed to
bookmarking command, which allows a remote attacker to perform remote
code execution by crafting an RSS item whose title and/or URL contain
something interpretable by the shell (most notably subshell
invocations.)

This has been reported by Jeriko One <jeriko.one@gmx.us>, complete with
PoC and a patch.

This vulnerability was assigned CVE-2017-12904.

Run Details

4454 of 12343 relevant lines covered (36.09%)

142.66 hits per line

Source Files on job 959.8 (COMPILER=clang++ GCOV=/usr/bin/gcov XML_CATALOG_FILES=/usr/local/etc/xml/catalog)

Coverage	∆	File	Lines	Relevant	Covered	Missed	Hits/Line

akrennmair / newsbeuter / 959 / 8
60%
master: 60%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.8 (COMPILER=clang++ GCOV=/usr/bin/gcov XML_CATALOG_FILES=/usr/local/etc/xml/catalog)

akrennmair / newsbeuter / 959 / 8 60% master: 60%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 959.8 (COMPILER=clang++ GCOV=/usr/bin/gcov XML_CATALOG_FILES=/usr/local/etc/xml/catalog)

akrennmair / newsbeuter / 959 / 8
60%
master: 60%

README BADGES
x