[Secure-testing-team] Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 11 19:39:16 UTC 2017
Source: cvs
Version: 2:1.12.13+real-9
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for cvs.
CVE-2017-12836[0]:
CVS and ssh command injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
[1] http://www.openwall.com/lists/oss-security/2017/08/11/1
Regards,
Salvatore
More information about the Secure-testing-team
mailing list