Date: Thu, 1 Jan 2015 08:51:31 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: xdg-utils: xdg-open: command injection vulnerability Hi >From the references it is not clear, if a CVE was already requested in past, but I have not found a reference here. xdg-open has a command injection vulnerability, which was reported on  and . The Freedesktop.org Bug entry contains also a patch. The issue was hilighted again on the fulldisclosure list in . In case it is not yet assigned, could you please assign a CVE for this RCE for xdg-open in xdg-utils? References:  https://bugs.gentoo.org/show_bug.cgi?id=472888  https://bugs.freedesktop.org/show_bug.cgi?id=66670  https://bugs.freedesktop.org/attachment.cgi?id=109536  http://seclists.org/fulldisclosure/2014/Nov/36  https://bugs.debian.org/773085 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ