Bug#731848: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files
cve-assign at mitre.org
cve-assign at mitre.org
Thu Dec 12 04:49:57 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> This verison of ack prevents the --pager, --regex and --output
> options from being used from project-level ackrc files. It is
> possible to execute malicious code with these options
Use CVE-2013-7069.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJSqT/wAAoJEKllVAevmvms2mUH+gMG97hD1ieJnU8eDSBz2jTP
ZOy+PH/QzLcaSEtFrPG7ge9SfY8sowGGpTQPPyMI08zAdWZNlPCKzi/Y0Od0tohv
dxkXwUoluY/KGvpoUD1doVGf49mGNTfP7x/KxIdYQn/0aMTOQ9uf95QA640AV3k9
kKTdUiCBs3pvQ0yT//euC0nQMEUC+cWzs6DvDtckAyGc2Dn53MLTSlL2jx3fkrvj
JM/kDaWB3yebdF0anDbrnq6lDSo+XfoTie4XQgHU+AMCopVYYXryipK2xt95DKtW
SwXZnBMjeWtcQMV1i0E5awL5GFEkA20sUMBcc/aDadQMGuBTcL9dn/lzhPvEy8E=
=7136
-----END PGP SIGNATURE-----
More information about the pkg-perl-maintainers
mailing list