oss-sec mailing list archives
CVE id request: comix
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 31 Mar 2008 15:40:37 +0200
Hi, comix is vulnerable to arbitrary code execution via crafted file names. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840 I confirmed this using comix\"\;echo\ owned\>bla\;ls\ \" as a simple reroducer. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: comix Nico Golde (Mar 31)
- Re: CVE id request: comix Steven M. Christey (Mar 31)