oss-sec mailing list archives
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability
From: cve-assign () mitre org
Date: Sat, 17 Jan 2015 17:54:16 -0500 (EST)
From the references it is not clear if a CVE was already requested in the past, but I have not found a reference here.

xdg-open has a command injection vulnerability, which was reported on [1] and [2]. The Freedesktop.org Bug entry also contains a patch [3]. The issue was highlighted again on the fulldisclosure list in [4].

In case it is not yet assigned, could you please assign a CVE for this RCE for xdg-open in xdg-utils?

References:
[1] https://bugs.gentoo.org/show_bug.cgi?id=472888
[2] https://bugs.freedesktop.org/show_bug.cgi?id=66670
[3] https://bugs.freedesktop.org/attachment.cgi?id=109536
[4] http://seclists.org/fulldisclosure/2014/Nov/36
[5] https://bugs.debian.org/773085

Regards,
Salvatore

Use CVE-2014-9622.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]