mahara-packaging team mailing list archive

Thread
Date

[Bug 293004] Re: CVE-2008-4796: missing input sanitising in Snoopy.class.php

To: mahara-packaging@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <293004@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Aug 2011 11:31:47 -0000
Reply-to: Bug 293004 <293004@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: debian
       Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/293004

Title:
  CVE-2008-4796: missing input sanitising in Snoopy.class.php

Status in “mahara” package in Ubuntu:
  Fix Released
Status in Debian GNU/Linux:
  Fix Released

Bug description:
  Binary package hint: mahara

  Mahara has an embedded copy of Snoopy which is vulnerable to this:

  CVE-2008-4796[0]:
  | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
  | and earlier allows remote attackers to execute arbitrary commands via
  | shell metacharacters in https URLs.  NOTE: some of these details are
  | obtained from third party information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/293004/+subscriptions