FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 00dadbf0-6f61-11e5-a2a1-002590263bf5
Description: p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports:

It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a security issue, allowing execution of arbitrary commands if an attacker has control over the text displayed in a menu.


Discovery: 2008-08-24
Entry: 2015-10-10
Affected: p5-UI-Dialog < 1.09_2

CVE-2008-7315
ports/203667
https://rt.cpan.org/Public/Bug/Display.html?id=107364
https://bugs.debian.org/496448
https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61