oss-sec mailing list archives
Re: CVE Request: foomatic-gui
From: Josh Bressers <bressers () redhat com>
Date: Wed, 3 Aug 2011 16:45:42 -0400 (EDT)
Please use CVE-2011-2899
Thanks.
--
JB
----- Original Message -----
Hello, foomatic-gui improperly escapes certain hostnames, resulting in a remote arbitrary command execution vulnerability. Ref.: https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119 http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3 http://packages.debian.org/changelogs/pool/main/f/foomatic-gui/foomatic-gui_0.7.9.5/changelog Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request: foomatic-gui Marc Deslauriers (Aug 03)
- Re: CVE Request: foomatic-gui Tim Waugh (Aug 03)
- Re: CVE Request: foomatic-gui Josh Bressers (Aug 03)
- Re: CVE Request: foomatic-gui dave bl (Aug 04)
- Re: CVE Request: foomatic-gui Henri Salo (Aug 04)
- Re: CVE Request: foomatic-gui Tim Waugh (Aug 04)
- Re: CVE Request: foomatic-gui Josh Bressers (Aug 04)
- Re: CVE Request: foomatic-gui Tim Waugh (Aug 05)
- Re: CVE Request: foomatic-gui dave bl (Aug 05)
- Re: CVE Request: foomatic-gui Huzaifa Sidhpurwala (Aug 11)
- Re: CVE Request: foomatic-gui dave bl (Aug 04)