CVE-2013-1436
I’ve just made an advisory about CVE-2013-1436. It was quite interesting to discover and exploit. A patch with a fix is already available. If you use xmonad along with xmobar or dzen, you should patch and re-compile your xmonad binary as soon as possible, or you’ll be exposed to a remote command injection vulnerability.
I would like to thank Joachim Breitner and the Debian Security Team for their help in disclosing this issue.