[Secure-testing-team] Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 30 21:36:38 UTC 2016
Source: shutter
Version: 0.88.3-1
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.launchpad.net/shutter/+bug/1652600
Hi,
the following vulnerability was published for shutter.
CVE-2016-10081[0]:
| /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
| attackers to execute arbitrary commands via a crafted image name that
| is mishandled during a "Run a plugin" action.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10081
[1] https://bugs.launchpad.net/shutter/+bug/1652600
Regards,
Salvatore
More information about the Secure-testing-team
mailing list