1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2016-1244
PublicDate: 2016-10-03
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1244
Description:
The extractTree function in unADF allows remote attackers to execute
arbitrary code via shell metacharacters in a directory name in an adf file.
Ubuntu-Description:
Notes:
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248
Priority: medium
Discovered-by: Tuomas Räsänen
Assigned-to:
Patches_unadf:
upstream: http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch
upstream_unadf: released (0.7.11a-3+deb7u1)
precise_unadf: ignored (reached end-of-life)
precise/esm_unadf: DNE (precise was needed)
trusty_unadf: released (0.7.11a-3+deb7u1~build0.14.04.1)
vivid/stable-phone-overlay_unadf: DNE
vivid/ubuntu-core_unadf: DNE
xenial_unadf: released (0.7.11a-3+deb7u1~build0.16.04.1)
yakkety_unadf: not-affected (0.7.11a-3+deb7u1)
zesty_unadf: not-affected (0.7.11a-3+deb7u1)
devel_unadf: not-affected (0.7.11a-3+deb7u1)
|