[Secure-testing-team] Bug#778341: procmail: CVE-2014-9681: unsafe handling of TZ environment variable
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 13 18:48:07 UTC 2015
Source: procmail
Version: 3.22-19
Severity: important
Tags: security upstream
Hi
Jakub Wilk reported on oss-security that procmail has unsafe handling
of the TZ environment variable, see
http://openwall.com/lists/oss-security/2014/10/15/24
https://sources.debian.net/src/procmail/3.22-20%2Bdeb7u1/config.h/?hl=22#L13
and
http://seclists.org/oss-sec/2015/q1/533
This issue has got CVE-2014-9681 assigned.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list