diff options
author | Joey Hess <joeyh@debian.org> | 2005-08-31 19:03:01 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-08-31 19:03:01 +0000 |
commit | b7fcd369a3b982c03336dbb08ea43dca1353ed87 (patch) | |
tree | 323bdc79e7072ec85073f8b35092a491fdc29143 /data/DTSA/advs/9-bluez-utils.adv | |
parent | 0c2266703283c6dfaaa4934d0b58ca67b03cb168 (diff) |
gave up on thunderbird build for now, reclaimed advisory 9 for bluez
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1751 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs/9-bluez-utils.adv')
-rw-r--r-- | data/DTSA/advs/9-bluez-utils.adv | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv new file mode 100644 index 0000000000..b91e1851e6 --- /dev/null +++ b/data/DTSA/advs/9-bluez-utils.adv @@ -0,0 +1,14 @@ +dtsa: DTSA-9-1 +source: bluez-utils +date: August 31st, 2005 +author: Joey Hess +vuln-type: bad device name escaping +problem-scope: remote +debian-specific: no +cve: CAN-2005-2547 +testing-fix: 2.19-0.1etch1 +sid-fix: 2.19-1 + +A bug in bluez-utils allows remote attackers to execute arbitrary commands +via shell metacharacters in the Bluetooth device name when invoking the PIN +helper. |