| Summary: | <net-im/gajim-0.15-r1 : Remote code execution and possible sql injection (CVE-2012-{2085,2086}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | flow, jlec, net-im |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 412215 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2012-04-08 12:40:38 UTC
@maintainer: is it ready to go to stable?

@jlec: I'd say to do it in bug 412215

0.15 can go stable no problems here.

Thanks, everyone. Creating new GLSA request.

This issue was resolved and addressed in GLSA 201208-04 at http://security.gentoo.org/glsa/glsa-201208-04.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-2085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2085): The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
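
The class of bug named in the CVE-2012-2085 text (an href reaching a shell with its metacharacters intact) is avoided by validating the link and passing it as a single argv element with no shell involved. The sketch below is an added example, not Gajim's code or its actual fix; the function names, the scheme allow-list and the sample href are assumptions made for illustration.

```python
import subprocess
import sys
from urllib.parse import urlsplit

# Assumed allow-list for this sketch; a real client would pick its own.
ALLOWED_SCHEMES = {"http", "https", "xmpp", "mailto"}
SHELL_META = set(";&|`$()<>\\\"'*?~#!")

# Constructed sample: a syntactically valid URL that carries shell metacharacters.
SAMPLE_HREF = "http://example.invalid/a;b&c"


def found_metachars(href):
    """Return the shell metacharacters present in href (for logging/triage)."""
    return set(href) & SHELL_META


def validate_href(href):
    """Reject control characters, whitespace and schemes outside the allow-list."""
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in href):
        raise ValueError("whitespace or control character in href")
    if urlsplit(href).scheme.lower() not in ALLOWED_SCHEMES:
        # Also blocks values starting with "-", which an opener could read as an option.
        raise ValueError("scheme not allowed")
    return href


def safe_argv(opener_argv, href):
    """Build an argument vector; href stays one argv element, never shell text."""
    return list(opener_argv) + [validate_href(href)]


def echo_via_child(href):
    """Spawn a harmless child without a shell and return the argv[1] it received."""
    child = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
    result = subprocess.run(safe_argv(child, href), capture_output=True,
                            text=True, check=True)  # shell=False is the default
    return result.stdout


if __name__ == "__main__":
    print("metacharacters:", sorted(found_metachars(SAMPLE_HREF)))
    print("child received:", echo_via_child(SAMPLE_HREF))
```

The child process receives the href byte for byte, including `;` and `&`, because no shell ever parses it.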