[Bug 1067342] VUL-0: CVE-2017-16667: backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting offile paths used as arguments to the 'notify-send' command, leading to some partsof file paths being executed as shell commands within an os

20 Nov 2017

      http://bugzilla.suse.com/show_bug.cgi?id=1067342

Swamp Workflow Management  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |CVSSv3:RedHat:CVE-2017-1666
                   |CVSSv3:RedHat:CVE-2017-1666 |7:7.8:(AV:L/AC:L/PR:N/UI:R/
                   |7:7.8:(AV:L/AC:L/PR:N/UI:R/ |S:U/C:H/I:H/A:H)
                   |S:U/C:H/I:H/A:H)            |obs:running:7502:moderate

-- 
You are receiving this mail because:
You are on the CC list for the bug.

bugzilla_noreply＠novell.com

tags

participants (1)