Errata overview
Errata ID 280
Date 2018-01-31
Source package sensible-utils
Fixed in version 0.0.9+deb8u1
This update addresses the following issue:
* sensible-browser does not validate strings before launching the program
  specified by the BROWSER environment variable, which allows remote
  attackers to conduct argument-injection attacks via a crafted URL, as
  demonstrated by a --proxy-pac-file argument. (CVE-2017-17512)
Additional notes
CVE ID CVE-2017-17512
UCS Bug number #46160