Debian Security Advisory

DSA-1236-1 enemies-of-carlotta -- missing sanity checks

Date Reported:
13 Dec 2006
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2006-5875.
More information:

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell.

For the stable distribution (sarge), this problem has been fixed in version 1.0.3-1sarge1.

We recommend that you upgrade your enemies-of-carlotta package.

Fixed in:

Debian 3.1 (stable)


MD5 checksums of the listed files are available in the original advisory.