Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Dec 2013 14:46:14 +0100
From: Axel Beckert <abe@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Debian Security Team <team@...urity.debian.org>,
	Andy Lester <andy@...dance.com>, 731848@...s.debian.org
Subject: CVE request for remote code execution in ack

Hi,

as discussed with Salvatore Bonaccorso of the Debian Security Team
(team cc'ed), I'm herewith requesting a CVE ID for the following
security issue in ack (http://beyondgrep.com/, also known as ack-grep
in multiple distributions; upstream developer cc'ed):

* Remote code execution via options --pager, --output, and --regexp in
  per-project .ackrc files

  Details and original report: https://github.com/petdance/ack2/issues/399
  Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes
  Further references: http://bugs.debian.org/731848

  Affected versions: 2.00 to 2.10.
  Not affected versions: Below 2.00
  Fixed versions: 2.12 so far

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@...ian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ