Bug 198876

Summary:	[devel/osc][security] CVE-2015-0778
Product:	Ports & Packages	Reporter:	Sevan Janiyan <venture37>
Component:	Individual Port(s)	Assignee:	Dmitry Marakasov <amdmi3>
Status:	Closed FIXED
Severity:	Affects Only Me	Flags:	bugzilla: maintainer-feedback? (amdmi3)
Priority:	---
Version:	Latest
Hardware:	Any
OS:	Any

Description Sevan Janiyan 2015-03-24 18:14:30 UTC

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Comment 1 commit-hook freebsd_committer

2015-03-31 16:11:07 UTC

A commit references this bug:

Author: amdmi3
Date: Tue Mar 31 16:10:22 UTC 2015
New revision: 382847
URL: https://svnweb.freebsd.org/changeset/ports/382847

Log:
  Add vulnerability for devel/osc.

  Security:	CVE-2015-0778
  PR:		198876
  Submitted by:	venture37@geeklan.co.uk

Changes:
  head/security/vuxml/vuln.xml

Comment 2 commit-hook freebsd_committer

2015-03-31 16:26:10 UTC

A commit references this bug:

Author: amdmi3
Date: Tue Mar 31 16:25:38 UTC 2015
New revision: 382849
URL: https://svnweb.freebsd.org/changeset/ports/382849

Log:
  - Update to 0.151.2
  - Fixes CVE-2015-0778 (shell command injection via crafted _service files)

  PR:		198876
  Submitted by:	venture37@geeklan.co.uk

Changes:
  head/devel/osc/Makefile
  head/devel/osc/distinfo