what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

DSA-1236-1.txt

DSA-1236-1.txt
Posted Dec 14, 2006
Site debian.org

Debian Security Advisory 1236-1: Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell.

tags | advisory, shell
systems | linux, debian
SHA-256 | fa29eb002e316cba896732e9761a36a4fc7e26edc0b2afbef7c43511c03e6386

DSA-1236-1.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1236-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
December 13, 2006
- ------------------------------------------------------------------------

Package : enemies-of-carlotta
Vulnerability : missing sanity checks
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2006-5875

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple
manager for mailing lists, does not properly sanitise email addresses
before passing them through to the system shell.

For the stable distribution (sarge), this problem has been fixed in version
1.0.3-1sarge1

We recommend that you upgrade your enemies-of-carlotta package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz
Size/MD5 checksum: 50970 c128776396562ef1c678e438422d11fb
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc
Size/MD5 checksum: 615 15c19c6a0ba8b3350f7ada9074713d12
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz
Size/MD5 checksum: 3587 c5e36788f3e1375c1f97533f1692de4a

Architecture independent packages:

http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb
Size/MD5 checksum: 42722 d78136bff713315256626eec51521c83


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFf/GVwM/Gs81MDZ0RAn4jAKCix0rudNOKLzx7KVBq8xxtU0wryACfS2PN
HRjdDPz/0i1ssaEXt00F+Ag=
=rmMW
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close