CVE-2008-2575

NameCVE-2008-2575
DescriptioncbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs482853

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cbrpager (PTS)stretch0.9.22-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cbrpagersourceetch0.9.14-3+etch1
cbrpagersource(unstable)0.9.17-1low482853

Notes

Minor issue fixed in 4.0r4 point release

Search for package or bug name: Reporting problems