[Pkg-mc-devel] Bug#689571: CVE-2012-4463: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

Salvatore Bonaccorso carnil at debian.org
Thu Oct 4 06:52:19 UTC 2012


Package: mc
Version: 3:4.8.5-1~exp4
Severity: important
Tags: security

Hi,
the following vulnerability was published for mc.

CVE-2012-4463[0]:
Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-4463

Please adjust the affected versions in the BTS as needed.

Note: I have not checked the code if actually also the versions in
      stable, testing and unstable are affected. At first glance it
      seems that at least the experimental version is affected.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mc-devel/attachments/20121004/1346aeeb/attachment.pgp>


More information about the Pkg-mc-devel mailing list