[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-hackers] [patch] utils: qs not escaping pipes
|
From: |
Peter Bex |
|
Subject: |
Re: [Chicken-hackers] [patch] utils: qs not escaping pipes |
|
Date: |
Sun, 17 Feb 2013 15:57:43 +0100 |
|
User-agent: |
Mutt/1.4.2.3i |
On Sun, Feb 17, 2013 at 03:53:42PM +0100, Peter Bex wrote:
> Could someone more knowledgeable about Windows please take a look at
> the version for that platform? That implementation does not look correct
> at all. It would be great if we could have a correct version for Windows
> as well.
PS: The original UNIX implementation using a black list is a bug that
might potentially be abused, and I'll ask whether a CVE is in order.
But the Windows thing looks like it's definitely a vulnerability worthy
of a CVE. Once we have a fix I'll post a CVE request.
Cheers,
Peter
--
http://www.more-magic.net
Re: [Chicken-hackers] [patch] utils: qs not escaping pipes, Michele La Monaca, 2013/02/19