retitle 546791 CVE-2009-3233: shell command injection via filename
thanks

Hi,

this issue got a CVE id:

Name: CVE-2009-3233
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3233
Reference: MLIST:[oss-security] 20090916 CVE id request: changetrack
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/16/3
Reference: CONFIRM:http://bugs.debian.org/546791
Reference: BID:36420
Reference: URL:http://www.securityfocus.com/bid/36420
Reference: SECUNIA:36756
Reference: URL:http://secunia.com/advisories/36756

changetrack 4.3 allows local users to execute arbitrary commands via
CRLF sequences and shell metacharacters in a filename in a directory
that is checked by changetrack.

Please coordinate with the security team ([email protected]) to
prepare packages for the stable and oldstable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers,
Giuseppe.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to