N/a: Re: [alerts-security] [DLA 31-1] reportbug security update

To: alerts-security@mendix.net, debian-lts@lists.debian.org
Subject: N/a: Re: [alerts-security] [DLA 31-1] reportbug security update
From: Frank Baalbergen <frank.baalbergen@mendix.com>
Date: Fri, 08 Aug 2014 13:13:58 +0200
Message-id: <[🔎] 53E4B0F6.1040900@mendix.com>
In-reply-to: <201408071900.51874.holger@layer-acht.org>
References: <201408071900.51874.holger@layer-acht.org>

On 08/07/2014 07:00 PM, Holger Levsen wrote:

Package        : reportbug
Version        : 4.12.6+deb6u1
CVE ID         : CVE-2014-0479

Fix CVE-2014-0479: Arbitrary code execution in compare_versions.
A man-in-the-middle attacker could put shell metacharacters in the
version number, causing execution of code of their choice.


Not used
--
Frank Baalbergen - System / Network Engineer
T +31 (0)10 2760434 | frank.baalbergen@mendix.com | www.mendix.com

Reply to:

Prev by Date: Re: Security support for adns in squeeze-lts
Next by Date: N/A: Re: [alerts-security] [DLA 32-1] nspr security update
Previous by thread: Wordpress fix
Next by thread: N/A: Re: [alerts-security] [DLA 32-1] nspr security update
Index(es):
- Date
- Thread