*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: reportbug CVE-2008-2230 description: "Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2230 Debian reportbug bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311 Debian reportbug-ng bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474 ** Affects: reportbug (Ubuntu) Importance: Undecided Status: New ** Affects: reportbug-ng (Ubuntu) Importance: Undecided Status: New ** Affects: reportbug (Debian) Importance: Unknown Status: Unknown ** Affects: reportbug-ng (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** Also affects: reportbug-ng (Ubuntu) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #484311 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311 ** Also affects: reportbug (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311 Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #484474 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474 ** Also affects: reportbug-ng (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474 Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2230 -- [CVE-2008-2230] Arbitrary code execution by preparing module files in os.curdir https://bugs.launchpad.net/bugs/239124 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
