Summary: | <app-office/tpp-1.3.1-r2 : Possibility of arbitrary code execution when processing untrusted TPP template (CVE-2013-2208) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=976684 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-06-21 09:16:51 UTC
app-office/tpp-1.3.1-r2 has the fix. app-office/tpp-1.3.1-r1 still in the tree (as it is stable). Arches, please mark app-office/tpp-1.3.1-r2 as stable for PPC/X86 so we may remove app-office/tpp-1.3.1-r1 from the tree. ppc stable x86 stable, thanks. Badness removed from tree, waiting for glsamaker access to create glsa and close. still not glsamaker access to finish this out :( GLSA request filed. This issue was resolved and addressed in GLSA 201309-19 at http://security.gentoo.org/glsa/glsa-201309-19.xml by GLSA coordinator Chris Reffett (creffett). CVE-2013-2208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2208): tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file. |