[Secure-testing-team] Bug#482853: cbrpager: command execution flaw via malicious file names
Steffen Joeris
steffen.joeris at skolelinux.de
Sun May 25 14:08:00 UTC 2008
Package: cbrpager
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
cbrpager is affected by a command execution flaw via malicious file
names in a similar way as comix was affected(0).
A CVE id for this issue has been requested.
For more information see the Red Hat bug report(1).
The upstream patch can be found here(2).
Cheers
Steffen
(0): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
(1): https://bugzilla.redhat.com/show_bug.cgi?id=448285
(2): http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2