Bug#731848: CVE request for remote code execution in ack
Axel Beckert
abe at debian.org
Tue Dec 10 13:46:14 UTC 2013
Hi,
as discussed with Salvatore Bonaccorso of the Debian Security Team
(team cc'ed), I'm herewith requesting a CVE ID for the following
security issue in ack (http://beyondgrep.com/, also known as ack-grep
in multiple distributions; upstream developer cc'ed):
* Remote code execution via options --pager, --output, and --regexp in
per-project .ackrc files
Details and original report: https://github.com/petdance/ack2/issues/399
Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes
Further references: http://bugs.debian.org/731848
Affected versions: 2.00 to 2.10.
Not affected versions: Below 2.00
Fixed versions: 2.12 so far
Regards, Axel
--
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20131210/596d705d/attachment.sig>
More information about the pkg-perl-maintainers
mailing list