command injection in update-perl-sax-parsers
Bug #782479 reported by
Emanuel Bronshtein
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libxml-sax-perl (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: libxml-sax-perl
/usr/bin/
test case :
emanuel@
update-
Systeminj
the bug can be found at :
if ($ucf) {
system("ucf --debconf-ok --sum-file /var/lib/
unlink $tmpfile or die("unlink $tmpfile: $!");
}
Changed in libxml-sax-perl (Ubuntu): | |
importance: | Undecided → Low |
To post a comment you must log in.
fix: libxml- sax-perl/ ParserDetails. ini.md5sum" , $tmpfile , $file);
system("ucf" , "--debconf-ok" , "--sum-file" , "/var/lib/