Hi, as discussed with Salvatore Bonaccorso of the Debian Security Team (team cc'ed), I'm herewith requesting a CVE ID for the following security issue in ack (http://beyondgrep.com/, also known as ack-grep in multiple distributions; upstream developer cc'ed):
* Remote code execution via options --pager, --output, and --regexp in per-project .ackrc files Details and original report: https://github.com/petdance/ack2/issues/399 Changelog: https://metacpan.org/source/PETDANCE/ack-2.12/Changes Further references: http://bugs.debian.org/731848 Affected versions: 2.00 to 2.10. Not affected versions: Below 2.00 Fixed versions: 2.12 so far Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
signature.asc
Description: Digital signature
