Debian Security Advisory
DSA-1236-1 enemies-of-carlotta -- missing sanity checks
- Date Reported:
- 13 Dec 2006
- Affected Packages:
- enemies-of-carlotta
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2006-5875.
- More information:
-
Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell.
For the stable distribution (sarge), this problem has been fixed in version 1.0.3-1sarge1.
We recommend that you upgrade your enemies-of-carlotta package.
- Fixed in:
-
Debian 3.1 (stable)
- Source:
- http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc
- http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz
- http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc
MD5 checksums of the listed files are available in the original advisory.