mailing list archives
CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sun, 27 Nov 2011 18:21:15 +0100
Hello Kurt, Steve, vendors,
a format string flaw was found in the Python CGI Kit (neo_cgi)
module of ClearSilver, a language-neutral HTML templating system,
processed certain input, leading to Common Gateway Interface (CGI)
script errors. A remote attacker could provide a specially-crafted
input, which once processed by an application, using the Python
language API of ClearSilver neo_cgi module, could lead to that
particular application crash, or, potentially arbitrary code
execution with the privileges of the user running the application.
Patch, proposed by the issue reporter to the Debian Bug Tracking System:
Could you allocate a CVE id for this issue?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky (Nov 27)