CVE-2005-3150

Name	CVE-2005-3150
Description	Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-855-1
Debian Bugs	332424

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
weex (PTS)	bullseye	2.8.3	fixed
	bookworm	2.8.4.2	fixed
	trixie	2.8.4.4	fixed
	forky, sid	2.8.4.5+nmu1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
weex	source	woody	2.6.1-4woody2	medium	DSA-855-1	332424
weex	source	sarge	2.6.1-6sarge1	medium	DSA-855-1	332424
weex	source	(unstable)	2.6.1-6sarge1	medium		332424