Bug#731848: CVE request for remote code execution in ack
Hi,

as discussed with Salvatore Bonaccorso of the Debian Security Team (team cc'ed), I'm herewith requesting a CVE ID for the following security issue in ack (http://beyondgrep.com/, also known as ack-grep in multiple distributions; upstream developer cc'ed):

* Remote code execution via options --pager, --output, and --regexp in per-project .ackrc files

Details and original report: https://github.com/petdance/ack2/issues/399
Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes
Further references: http://bugs.debian.org/731848

Affected versions: 2.00 to 2.10.
Not affected versions: Below 2.00
Fixed versions: 2.12 so far

Regards, Axel
--
Axel Beckert a...@debian.org, http://people.debian.org/~abe/
Debian Developer, ftp.ch.debian.org Admin
1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
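A defensive check for the issue reported above, as an added example that is not part of the original thread or of ack: it walks a source tree and lists the lines of per-project .ackrc files that set --pager, --output or --regexp, so a checkout can be reviewed before an affected version (2.00 to 2.10) is run inside it. The assumed .ackrc syntax (one option per line, `#` comment lines), the function names and the sample content are assumptions made for illustration.

```python
import os
import re
import tempfile

# Option names taken from the report above.
RISKY_OPTIONS = ("--pager", "--output", "--regexp")
# Assumed .ackrc format: one option per line, "--name=value" or "--name value".
OPTION_LINE = re.compile(r"(--?[A-Za-z][\w-]*)(?:=|\s+|$)(.*)")

# Constructed sample input, not taken from any real project.
SAMPLE_ACKRC = """\
# constructed sample
--ignore-dir=vendor
--pager=less -R
--type-set=tmpl:ext:tt
--output placeholder-expression
"""

def scan_ackrc_text(text):
    """Return (line_number, option, value) for each line setting a risky option."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or comment line (assumed syntax)
            continue
        match = OPTION_LINE.match(line)
        if match and match.group(1) in RISKY_OPTIONS:
            findings.append((lineno, match.group(1), match.group(2).strip()))
    return findings

def scan_tree(root):
    """Walk root and report risky lines in every per-project .ackrc found."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if ".ackrc" in filenames:
            path = os.path.join(dirpath, ".ackrc")
            with open(path, encoding="utf-8", errors="replace") as handle:
                for lineno, option, value in scan_ackrc_text(handle.read()):
                    hits.append((path, lineno, option, value))
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".ackrc"), "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_ACKRC)
        for path, lineno, option, value in scan_tree(root):
            print(f"{path}:{lineno}: {option} -> {value!r}")
```
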
Bug#731848: CVE request for remote code execution in ack
Hi Andy,

Andy Lester wrote:
> On Dec 10, 2013, at 7:46 AM, Axel Beckert a...@debian.org wrote:
> > as discussed with Salvatore Bonaccorso of the Debian Security Team (team cc'ed), I'm herewith requesting a CVE ID for the following security issue in ack (http://beyondgrep.com/, also known as ack-grep in multiple distributions; upstream developer cc'ed):
>
> Is there anything you need me to do?

It would be nice if you could add the CVE-ID to the Changes file of ack retroactively as soon as it's known so that it's part of the Changes file in further ack releases.

Regards, Axel
Bug#731848: CVE request for remote code execution in ack
On Dec 10, 2013, at 8:00 AM, Axel Beckert a...@debian.org wrote:
> It would be nice if you could add the CVE-ID to the Changes file of ack retroactively as soon as it's known so that it's part of the Changes file in further ack releases.

OK. Just help me through this and I’ll do what needs to be done. I’m glad to do whatever is necessary to help y’all.

xoa

--
Andy Lester = a...@petdance.com = www.petdance.com = AIM:petdance
Bug#731848: CVE request for remote code execution in ack
On Dec 10, 2013, at 7:46 AM, Axel Beckert a...@debian.org wrote:
> Hi,
> as discussed with Salvatore Bonaccorso of the Debian Security Team (team cc'ed), I'm herewith requesting a CVE ID for the following security issue in ack (http://beyondgrep.com/, also known as ack-grep in multiple distributions; upstream developer cc'ed):

Is there anything you need me to do?

--
Andy Lester = a...@petdance.com = www.petdance.com = AIM:petdance