severity 504258 important thanks Raphael Geissert, 2008-11-02 01:18:06 -0600 :
> Package: gforge-plugin-scmcvs > Severity: grave > Version: 4.5.14-5 > Tags: security > > Hi, > > The following CVE (Common Vulnerabilities & Exposures) id was published for > snoopy, which affects the embedded copy shipped by gforge-plugin-scmcvs [0]. > > CVE-2008-4796[1]: >> The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 >> and earlier allows remote attackers to execute arbitrary commands via >> shell metacharacters in https URLs. Since gforge-plugin-scmcvs only uses Snoopy on fixed URLs that do not come from the user, I don't think it is affected by this particular security problem. I'm therefore downgrading the severity of this bug report. Roland. -- Roland Mas Qu'est-ce qui est jaune, qui pèse deux cents kilos et qui chante ? Un sumotori dans sa salle de bains. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
