Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 30 Apr 2014 23:41:23 -0400 (EDT)
From: cve-assign@...re.org
To: mr.spuratic@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> rxvt-unicode-9.20 (aka urxvt) includes a security update to address a
> user-assisted arbitrary commands execution issue. This can be
> exploited by the unprocessed display of certain escape sequences in a
> crafted text file or program output.
> 
> arbitrary command sequences can be constructed using this, and
> unintentionally executed if used in conjunction with various other
> escape sequences.

> http://dist.schmorp.de/rxvt-unicode/Changes

Use CVE-2014-3121.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTYcHgAAoJEKllVAevmvmsKpoIAKMpm+B8q61J3eNZNVrdQ6Hy
IZlBiJAu0qWTb9xDZFz1BLtz7WrljVem+/aBM+L2e14sXncNLFlYk+Zg0azyhnXW
rEV+2cArAu+GLMB4C0Q4g0GdhNcDe41Q3smcCUbpRQQFpkU6e/R2NxH2nQjNAX9E
acRDB7DiNgXJ6iZ02F+N++6+AQhc3VuV09jSeizimcbjNuzQVopCxdq3hOEkDO2W
9eyy8Krx2nUHABdRRRUkl8NmWXsP8fbjD+ZuASYIfPRNM/HZLmEvQeZIA4BO5Dvl
Z4ybucja+bKcjb8D3jHijTrubG3Yyskwkc8J5WwYuIebAWNAag1EB676SHW95zA=
=1utq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ