1
Candidate: CVE-2011-4357
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4357
6
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c
7
in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier
8
allows remote attackers to cause a denial of service (crash) and possibly
9
execute arbitrary code via format string specifiers that are not properly
10
handled when creating CGI error messages using the cgi_error API function.
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
16
Discovered-by: Leo Iannacone and Colin Watson
20
vendor: http://www.debian.org/security/2011/dsa-2355
21
upstream_clearsilver: needed
22
hardy_clearsilver: ignored (reached end-of-life)
23
lucid_clearsilver: ignored (reached end-of-life)
24
maverick_clearsilver: released (0.10.5-1+squeeze1build0.10.10.1)
25
natty_clearsilver: released (0.10.5-1+squeeze1build0.11.04.1)
26
oneiric_clearsilver: released (0.10.5-1.1ubuntu0.1)
27
precise_clearsilver: released (0.10.5-1.2ubuntu1)
28
quantal_clearsilver: released (0.10.5-1.2ubuntu1)
29
raring_clearsilver: released (0.10.5-1.2ubuntu1)
30
saucy_clearsilver: released (0.10.5-1.2ubuntu1)
31
devel_clearsilver: released (0.10.5-1.2ubuntu1)