Package: libphp-snoopy Severity: grave Tags: security, patch Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libphp-snoopy. CVE-2008-4796[0]: | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 | and earlier allows remote attackers to execute arbitrary commands via | shell metacharacters in https URLs. NOTE: some of these details are | obtained from third party information. You can find the extracted upstream patch here[1]. Please include it as soon as possible, upload with high urgency and ask the release team for an unblock, so it can go into lenny. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796 http://security-tracker.debian.net/tracker/CVE-2008-4796 [1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]