Date: Tue, 10 Dec 2013 14:46:14 +0100
From: Axel Beckert <abe@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Debian Security Team <team@...urity.debian.org>,
	Andy Lester <andy@...dance.com>, 731848@...s.debian.org
Subject: CVE request for remote code execution in ack

Hi,

as discussed with Salvatore Bonaccorso of the Debian Security Team
(team cc'ed), I'm herewith requesting a CVE ID for the following
security issue in ack (http://beyondgrep.com/, also known as ack-grep
in multiple distributions; upstream developer cc'ed):

* Remote code execution via options --pager, --output, and --regexp in
  per-project .ackrc files

Details and original report: https://github.com/petdance/ack2/issues/399
Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes
Further references: http://bugs.debian.org/731848

Affected versions: 2.00 to 2.10.
Not affected versions: Below 2.00
Fixed versions: 2.12 so far

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@...ian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
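
A defensive check for the issue reported in the message above, added here as an example and not code from ack, its author, or Debian: it walks a checkout and reports per-project .ackrc files that set `--pager`, `--output` or `--regexp`. The one-option-per-line format with `#` comments is an assumption, and the sample files and `PLACEHOLDER` values are constructed.

```python
import os
import re
import tempfile

# Option names as listed in the advisory above.
RISKY_OPTIONS = ("--pager", "--output", "--regexp")
# Assumption: an option line starts with its long name, followed by "=" or a space.
OPTION_NAME = re.compile(r"--[A-Za-z][A-Za-z-]*")


def risky_lines(text):
    """Return (line_number, option, line) for each risky option in .ackrc text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blank lines and comments
            continue
        match = OPTION_NAME.match(line)
        if match and match.group(0) in RISKY_OPTIONS:
            findings.append((number, match.group(0), line))
    return findings


def scan_tree(root):
    """Walk root; map each .ackrc (path relative to root) to its risky lines."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".ackrc" not in files:
            continue
        path = os.path.join(dirpath, ".ackrc")
        with open(path, encoding="utf-8", errors="replace") as handle:
            hits = risky_lines(handle.read())
        if hits:
            report[os.path.relpath(path, root)] = hits
    return report


def demo():
    """Scan a constructed checkout holding one flagged and one clean .ackrc."""
    samples = {
        "vendor_lib": "# constructed sample\n--ignore-dir=doc\n"
                      "--pager=PLACEHOLDER\n--output PLACEHOLDER\n",
        "own_code": "--ignore-dir=build\n--smart-case\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, ".ackrc"), "w") as handle:
                handle.write(body)
        return scan_tree(root)
```

Run `scan_tree()` on an untrusted checkout before invoking an ack version in the affected range inside it; a non-empty result lists each file and line to review.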