oss-sec mailing list archives
Re: CVE request: davfs2 - Unsecure use of system()
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 17 Sep 2013 16:57:40 +0200
Hi Kurt, hi Luciano, On Tue, Sep 17, 2013 at 10:13:40AM +0200, Luciano Bello wrote:
Hi, A security vulnerability have been reported in davfs2 http://bugs.debian.org/723034 Please, assign a CVE id.
As additional reference for this CVE request. The Debian Bugreport also contains the proposed diffs to apply to 1.4.6 and 1.4.7. But here are also upstream references. Upstream Bugreport: http://savannah.nongnu.org/bugs/?40034 Patches: 1.4.6: http://savannah.nongnu.org/bugs/download.php?file_id=29141 1.4.7: http://savannah.nongnu.org/bugs/download.php?file_id=29142 Regards, Salvatore
Current thread:
- CVE request: davfs2 - Unsecure use of system() Luciano Bello (Sep 17)
- Re: CVE request: davfs2 - Unsecure use of system() Salvatore Bonaccorso (Sep 17)
- Re: CVE request: davfs2 - Unsecure use of system() Tavis Ormandy (Sep 18)
- Re: CVE request: davfs2 - Unsecure use of system() Kurt Seifried (Sep 18)