| |||||||||||||||||||
Mageia alert MGASA-2012-0347 (weechat)
MGASA-2012-0347 Date: November 30th, 2012 Affected releases: 1, 2 Description: Updated weechat packages fix security vulnerability: Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself) (CVE-2012-5534). Updated Packages: Mageia 1: weechat-0.3.0-1.1.mga1 weechat-aspell-0.3.0-1.1.mga1 weechat-charset-0.3.0-1.1.mga1 weechat-devel-0.3.0-1.1.mga1 weechat-lua-0.3.0-1.1.mga1 weechat-perl-0.3.0-1.1.mga1 weechat-python-0.3.0-1.1.mga1 weechat-ruby-0.3.0-1.1.mga1 weechat-tcl-0.3.0-1.1.mga1 Mageia 2: weechat-0.3.6-3.2.mga2 weechat-aspell-0.3.6-3.2.mga2 weechat-charset-0.3.6-3.2.mga2 weechat-devel-0.3.6-3.2.mga2 weechat-lua-0.3.6-3.2.mga2 weechat-perl-0.3.6-3.2.mga2 weechat-python-0.3.6-3.2.mga2 weechat-ruby-0.3.6-3.2.mga2 weechat-tcl-0.3.6-3.2.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5534 https://savannah.nongnu.org/bugs/?37764 http://www.weechat.org/security/ http://lists.opensuse.org/opensuse-updates/2012-11/msg000... https://bugs.mageia.org/show_bug.cgi?id=8235 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||