Candidate: CVE-2011-0469
PublicDate: 2017-08-17 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0469
 https://bugzilla.suse.com/show_bug.cgi?id=679325
 https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
 https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a
Description:
 Code injection in openSUSE when running some source services used in the
 open build service 2.1 before March 11 2011.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_open-build-service:
upstream_open-build-service: released (2.3.0)
precise/esm_open-build-service: DNE
trusty_open-build-service: DNE
trusty/esm_open-build-service: DNE
vivid/ubuntu-core_open-build-service: DNE
xenial_open-build-service: DNE
zesty_open-build-service: not-affected (2.7.1-10)
devel_open-build-service: not-affected (2.7.1-10)