← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to retired/CVE-2011-4357

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
retired/CVE-2011-4357
1
 
Candidate: CVE-2011-4357
2
 
PublicDate: 2011-12-10
3
 
References: 
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4357
5
 
Description:
6
 
 Format string vulnerability in the p_cgi_error function in python/neo_cgi.c
7
 
 in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier
8
 
 allows remote attackers to cause a denial of service (crash) and possibly
9
 
 execute arbitrary code via format string specifiers that are not properly
10
 
 handled when creating CGI error messages using the cgi_error API function.
11
 
Ubuntu-Description: 
12
 
Notes: 
13
 
Bugs: 
14
 
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
15
 
Priority: medium
16
 
Discovered-by: Leo Iannacone and Colin Watson
17
 
Assigned-to: 
18
 
 
19
 
Patches_clearsilver:
20
 
 vendor: http://www.debian.org/security/2011/dsa-2355
21
 
upstream_clearsilver: needed
22
 
hardy_clearsilver: ignored (reached end-of-life)
23
 
lucid_clearsilver: ignored (reached end-of-life)
24
 
maverick_clearsilver: released (0.10.5-1+squeeze1build0.10.10.1)
25
 
natty_clearsilver: released (0.10.5-1+squeeze1build0.11.04.1)
26
 
oneiric_clearsilver: released (0.10.5-1.1ubuntu0.1)
27
 
precise_clearsilver: released (0.10.5-1.2ubuntu1)
28
 
quantal_clearsilver: released (0.10.5-1.2ubuntu1)
29
 
raring_clearsilver: released (0.10.5-1.2ubuntu1)
30
 
saucy_clearsilver: released (0.10.5-1.2ubuntu1)
31
 
devel_clearsilver: released (0.10.5-1.2ubuntu1)