http://bugzilla.opensuse.org/show_bug.cgi?id=1071709
http://bugzilla.opensuse.org/show_bug.cgi?id=1071709#c4
Andreas Stieger changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary |VUL-0: fossil: client-side code execution via specially crafted ssh:// URL (ProxyCommand) |VUL-0: CVE-2017-17459: fossil: client-side code execution via specially crafted ssh:// URL (ProxyCommand)
Alias | |CVE-2017-17459
--- Comment #4 from Andreas Stieger ---
CVE-2017-17459 assigned for:
http_transport.c in Fossil before 2.4, when the SSH sync protocol is
used, allows user-assisted remote attackers to execute arbitrary commands via
an ssh URL with an initial dash character in the hostname, a related issue to
CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,
CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
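The validation this class of bug calls for, as an added example (not Fossil's actual patch and not code from this report): extract the host from an ssh:// URL and refuse it unless it starts with an alphanumeric character, before anything is passed to the ssh client. The function names, the allowed character set and the extra check on the user part (which goes beyond the hostname case in the CVE text) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Copy the host of ssh://[user@]host[:port]/path into out (IPv6 literals
 * are not handled). Returns 0 on success, -1 on a non-ssh or oversized URL. */
int ssh_url_host(const char *url, char *out, size_t outlen)
{
    static const char scheme[] = "ssh://";
    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return -1;
    const char *auth = url + sizeof scheme - 1;
    size_t authlen = strcspn(auth, "/");     /* authority ends at first '/' */
    const char *host = auth;
    for (size_t i = 0; i < authlen; i++)     /* skip userinfo up to last '@' */
        if (auth[i] == '@')
            host = auth + i + 1;
    size_t hostlen = (size_t)(auth + authlen - host);
    for (size_t i = 0; i < hostlen; i++)     /* cut an optional :port */
        if (host[i] == ':') { hostlen = i; break; }
    if (hostlen == 0 || hostlen >= outlen)
        return -1;
    memcpy(out, host, hostlen);
    out[hostlen] = '\0';
    return 0;
}

/* Allow-list: the first character must be alphanumeric, so the host can
 * never reach ssh's argument parser looking like an option. */
int ssh_host_is_safe(const char *host)
{
    if (!isalnum((unsigned char)host[0]))
        return 0;
    for (const char *c = host; *c; c++)
        if (!isalnum((unsigned char)*c) && *c != '.' && *c != '-' && *c != '_')
            return 0;
    return 1;
}

/* 1 if the URL may be handed to the ssh client, 0 if it must be refused. */
int ssh_url_is_safe(const char *url)
{
    char host[256];
    if (ssh_url_host(url, host, sizeof host) != 0)
        return 0;
    if (url[6] == '-')   /* user part starting with '-' (beyond the CVE text) */
        return 0;
    return ssh_host_is_safe(host);
}
```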