CVE-2017-17531

GNU GLOBAL 4.8.6’s gozilla.c does not validate strings before launching the program specified by the BROWSER environment variable, enabling remote argument-injection via crafted URLs. Concrete patches exist across distros (e.g., Gentoo GLSA-202008-02; openSUSE openSUSE-2017-1420; Fedora/SUSE advi...