[security] twiki allows remote attackers to execute arbitrary Perl code (CVE-2008-5305)
Bug #709401 reported by
Brian Thomason
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
twiki (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Brian Thomason | ||
Karmic |
Fix Released
|
Undecided
|
Brian Thomason |
Bug Description
Binary package hint: twiki
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVE References
Changed in twiki (Ubuntu): | |
assignee: | nobody → Brian Thomason (brian-thomason) |
summary: |
- [security] twiki llows remote attackers to execute arbitrary Perl code + [security] twiki allows remote attackers to execute arbitrary Perl code (CVE-2008-5305) |
To post a comment you must log in.
Hi Brian,
Thanks for helping to improve Ubuntu by providing these debdiffs. I've reviewed them and uploaded the packages to the ppa:ubuntu- security- proposed/ ppa to build. Once they're built, please test and provide feedback here.
One minor nit that I had with the patches was that even with dpatch style patches, we prefer that the header to contain relevant DEP-3 tags as outlined at http:// dep.debian. net/deps/ dep/.
[Marking this bug report public as the issue is not embargoed.]