This bug was fixed in the package bcfg2 - 1.1.1-2ubuntu1.2
---------------
bcfg2 (1.1.1-2ubuntu1.2) natty-security; urgency=high
* SECURITY UPDATE: missing input sanitization allowing execution
of arbitrary commands (LP: #844743)
- patch: 0008-Backported-unescaped-shell-command-fixes-from-master.patch
backported from upstream by Chris St. Pierre
-
https://github.com/fabaff/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
- CVE-2011-3211
-- Julian Taylor <[email protected]> Thu, 08 Sep 2011 14:53:11
+0200
** Changed in: bcfg2 (Ubuntu Natty)
Status: Fix Committed => Fix Released
** Changed in: bcfg2 (Ubuntu Maverick)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/844743
Title:
Unescaped shell command vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bcfg2/+bug/844743/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
