Candidate: CVE-2017-16926
PublicDate: 2017-11-22 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16926
 https://bugs.debian.org/882372
Description:
 Ohcount 3.0.0 is prone to a command injection via specially crafted
 filenames containing shell metacharacters, which can be exploited by an
 attacker (providing a source tree for Ohcount processing) to execute
 arbitrary code as the user running Ohcount.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882372
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ohcount:
upstream_ohcount: released (3.1.0-1)
precise/esm_ohcount: DNE
trusty_ohcount: ignored (reached end-of-life)
trusty/esm_ohcount: DNE (trusty was needed)
xenial_ohcount: ignored (end of standard support, was needed)
zesty_ohcount: ignored (reached end-of-life)
artful_ohcount: ignored (reached end-of-life)
bionic_ohcount: not-affected (3.1.0-2)
cosmic_ohcount: not-affected (3.1.0-2)
disco_ohcount: not-affected (3.1.0-2)
eoan_ohcount: not-affected (3.1.0-2)
focal_ohcount: not-affected (3.1.0-2)
groovy_ohcount: not-affected (3.1.0-2)
hirsute_ohcount: not-affected (3.1.0-2)
impish_ohcount: not-affected (3.1.0-2)
jammy_ohcount: not-affected (3.1.0-2)
devel_ohcount: not-affected (3.1.0-2)