Heya! Long time no see.

I’ve just made an advisory about CVE-2013-1436. It was quite interesting to discover and exploit. A patch with a fix is already available. If you use xmonad along with xmobar or dzen, you should patch and re-compile your xmonad binary as soon as posible, or you’ll be exposed to a remote command injection vulnerability.

I would like to thank Joachim Breitner and the Debian Security Team for their help in disclosing this issue.

Posted on July 26, 2013 by Raúl Benencia

Comments? Sure! Just send me an email with it and I'll happily include it here.