oss-security - Re: CVE Request: foomatic-gui

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <972812882.1798855.1312404342488.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Wed, 3 Aug 2011 16:45:42 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com, coley@...us.mitre.org
Subject: Re: CVE Request: foomatic-gui

Please use CVE-2011-2899

Thanks.

-- 
    JB

----- Original Message -----
> Hello,
> 
> foomatic-gui improperly escapes certain hostnames, resulting in a
> remote
> arbitrary command execution vulnerability.
> 
> Ref.:
> https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
> http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3
> http://packages.debian.org/changelogs/pool/main/f/foomatic-gui/foomatic-gui_0.7.9.5/changelog
> 
> Could a CVE please be assigned to this issue?
> 
> Thanks,
> 
> Marc.
> 
> 
> --
> Marc Deslauriers
> Ubuntu Security Engineer | http://www.ubuntu.com/
> Canonical Ltd. | http://www.canonical.com/

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.