CVE-2012-1095
Published: 6 February 2014
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.
Priority
Status
Package | Release | Status |
---|---|---|
osc (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
osc | lucid | Ignored (end of life) |
osc | maverick | Ignored (end of life) |
osc | natty | Ignored (end of life) |
osc | oneiric | Ignored (end of life) |
osc | precise | Released (0.132.6-1ubuntu0.1) |
osc | quantal | Not vulnerable (0.134.1-2) |
osc | raring | Not vulnerable (0.134.1-2) |
osc | upstream | Released (0.134.0) |

Patches: upstream: https://github.com/openSUSE/osc/commit/effe3835ba65745f51dbb579af4ea3556d2ab597.patch
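
The description above concerns terminal escape sequences arriving in a server-supplied build log or build status. As an added example (not osc's code and not the upstream patch), the following Python sketch shows one way a client can neutralise control characters in untrusted text before printing it; the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Characters a terminal emulator may act on: C0 controls (except \n and \t),
# DEL, and the C1 range (U+0080-U+009F, which includes single-character CSI).
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def _as_text(data):
    """Decode server bytes leniently; invalid bytes become U+FFFD."""
    if isinstance(data, bytes):
        data = data.decode("utf-8", errors="replace")
    # Keep ordinary CRLF line endings; a lone \r is still escaped below
    # because it lets later text overwrite what was already displayed.
    return data.replace("\r\n", "\n")


def contains_terminal_controls(data):
    """True if the untrusted text carries any control character."""
    return _CONTROL.search(_as_text(data)) is not None


def sanitize_for_terminal(data):
    """Return text that is safe to print: controls become visible \\xNN."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), _as_text(data))


# Constructed sample (not real OBS output): a log fragment carrying a
# window-title sequence and colour sequences.
SAMPLE_LOG = (
    b"[  12s] compiling\r\n"
    b"\x1b]0;constructed title\x07"
    b"[  13s] \x1b[31mFAILED\x1b[0m\n"
)

if __name__ == "__main__":
    print(sanitize_for_terminal(SAMPLE_LOG), end="")
```

Escaping rather than deleting the characters keeps the log reviewable: an operator can see that the server sent control sequences and where.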