Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#37002 - [davfs2] security patch for CVE-2013-4362
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Friday, 20 September 2013, 17:42 GMT
Last edited by Thomas Bächler (brain0) - Monday, 13 January 2014, 22:04 GMT
Opened by RbN (RbN) - Friday, 20 September 2013, 17:42 GMT
Last edited by Thomas Bächler (brain0) - Monday, 13 January 2014, 22:04 GMT
|
DetailsDescription:
Insecure use of system(). exploitation of this bug is very easy and can lead to a priviledge escalation. CVE attribution [1] Debian bugtracker [2] Resolution: patch provided by upstream [3] [1] http://www.openwall.com/lists/oss-security/2013/09/17/7 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034 [3] http://savannah.nongnu.org/bugs/download.php?file_id=29142 |
This task depends upon
Comment by RbN (RbN) -
Thursday, 10 October 2013, 20:21 GMT
Exploits are available on the internet, please consider correct it :)
Comment by RbN (RbN) -
Monday, 13 January 2014, 21:36 GMT
More exploits available ....