Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Dec 2013 14:46:14 +0100
From: Axel Beckert <>
Cc: Debian Security Team <>,
	Andy Lester <>,
Subject: CVE request for remote code execution in ack


as discussed with Salvatore Bonaccorso of the Debian Security Team
(team cc'ed), I'm herewith requesting a CVE ID for the following
security issue in ack (, also known as ack-grep
in multiple distributions; upstream developer cc'ed):

* Remote code execution via options --pager, --output, and --regexp in
  per-project .ackrc files

  Details and original report:
  Further references:

  Affected versions: 2.00 to 2.10.
  Not affected versions: Below 2.00
  Fixed versions: 2.12 so far

		Regards, Axel
 ,''`.  |  Axel Beckert <>,
: :' :  |  Debian Developer, Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ