Bug 553606 (CVE-2015-0778) - <dev-util/osc-0.152.0: Shell command injection (CVE-2015-0778)
Summary: <dev-util/osc-0.152.0: Shell command injection (CVE-2015-0778)
Status: RESOLVED FIXED
Alias: CVE-2015-0778
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-29 23:51 UTC by GLSAMaker/CVETool Bot
Modified: 2016-03-06 20:03 UTC

See Also:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-29 23:51:54 UTC
CVE-2015-0778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0778):
  osc before 0.151.0 allows remote attackers to execute arbitrary commands via
  shell metacharacters in a _service file.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2015-11-22 14:25:29 UTC
It has been some time since this Bug received an update. Since it is security related, bringing it up to the surface so it is not forgotten.

This is a B2 with no attention for a few months. 

Any updates?
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-23 16:10:15 UTC
Ok, six months have gone by with not a peep from the suse herd. Please make a decision either to maintain / update the package, if not please take steps in removing it from tree.
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2015-12-27 10:41:34 UTC
0.152.0 in the tree.

Arches please stabilise this and add also suse-build 2015.11.*.
Comment 4 Agostino Sarubbo gentoo-dev 2015-12-27 13:37:53 UTC
amd64 stable
Comment 5 Andreas Schürch gentoo-dev 2016-01-07 19:48:53 UTC
x86 done, last arch!
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2016-02-25 07:50:39 UTC
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-06 20:03:24 UTC
This issue was resolved and addressed in
 GLSA 201603-02 at https://security.gentoo.org/glsa/201603-02
by GLSA coordinator Kristian Fiskerstrand (K_F).