Package: openocd
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: important

Hi,

the following vulnerability was published for openocd.

CVE-2018-5704[0]:
| Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use
| HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote
| attackers to conduct cross-protocol scripting attacks, and consequently
| execute arbitrary commands, via a crafted web site.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5704
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5704

Please adjust the affected versions in the BTS as needed.
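
The following is an added example, not part of the original report and not OpenOCD's own code. It sketches one mitigation for the cross-protocol scripting issue described above: a line-oriented command server that refuses a connection whose first line is an HTTP request line. The names session, session_check_line and is_http_request_line are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Verdict for each line received on a line-oriented command port. */
enum verdict { EXECUTE, DROP_CONNECTION };

/* Hypothetical per-connection state (not an OpenOCD structure). */
struct session {
    bool first_line_seen;
    bool rejected; /* sticky: once set, nothing else is executed */
};

/* True when the line starts like an HTTP request line ("POST / HTTP/1.1"). */
static bool is_http_request_line(const char *line)
{
    static const char *const methods[] = {
        "GET ", "POST ", "PUT ", "HEAD ", "DELETE ",
        "OPTIONS ", "PATCH ", "CONNECT ", "TRACE ",
    };
    for (size_t i = 0; i < sizeof(methods) / sizeof(methods[0]); i++) {
        if (strncmp(line, methods[i], strlen(methods[i])) == 0)
            return true;
    }
    return false;
}

/*
 * A browser always sends the request line first; the headers and the POST
 * body follow on later lines. Rejecting only the first line is not enough,
 * so the verdict is latched for the rest of the connection.
 */
enum verdict session_check_line(struct session *s, const char *line)
{
    if (s->rejected)
        return DROP_CONNECTION;
    if (!s->first_line_seen) {
        s->first_line_seen = true;
        if (is_http_request_line(line)) {
            s->rejected = true;
            return DROP_CONNECTION;
        }
    }
    return EXECUTE;
}
```

The caller is expected to close the socket as soon as DROP_CONNECTION is returned, without echoing the offending input back.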