oss-sec mailing list archives
CVE request for remote code execution in ack
From: Axel Beckert <abe () debian org>
Date: Tue, 10 Dec 2013 14:46:14 +0100
Hi, as discussed with Salvatore Bonaccorso of the Debian Security Team (team cc'ed), I'm herewith requesting a CVE ID for the following security issue in ack (http://beyondgrep.com/, also known as ack-grep in multiple distributions; upstream developer cc'ed): * Remote code execution via options --pager, --output, and --regexp in per-project .ackrc files Details and original report: https://github.com/petdance/ack2/issues/399 Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes Further references: http://bugs.debian.org/731848 Affected versions: 2.00 to 2.10. Not affected versions: Below 2.00 Fixed versions: 2.12 so far Regards, Axel -- ,''`. | Axel Beckert <abe () debian org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request for remote code execution in ack Axel Beckert (Dec 10)
- Re: CVE request for remote code execution in ack Andy Lester (Dec 10)
- Re: CVE request for remote code execution in ack Axel Beckert (Dec 10)
- Re: CVE request for remote code execution in ack Andy Lester (Dec 10)
- Re: CVE request for remote code execution in ack Axel Beckert (Dec 10)
- Re: CVE request for remote code execution in ack Andy Lester (Dec 10)