Candidate: CVE-2011-3211
PublicDate: 2011-09-16 12:35:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3211
Description:
 The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote
 attackers to execute arbitrary commands via shell metacharacters in data
 received from a client.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/bcfg2/+bug/844743
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028
Priority: high
Discovered-by:
Assigned-to: jtaylor
CVSS:

Patches_bcfg2:
 other: https://bugs.launchpad.net/ubuntu/+source/bcfg2/+bug/844743
 upstream: https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1
 upstream: https://github.com/fabaff/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
upstream_bcfg2: released (1.1.2-2)
hardy_bcfg2: released (0.9.5.7-1ubuntu0.1)
lucid_bcfg2: released (0.9.6-0ubuntu2.1.10.04.1)
maverick_bcfg2: released (0.9.6-0ubuntu2.1.10.10.1)
natty_bcfg2: released (1.1.1-2ubuntu1.2)
devel_bcfg2: released (1.1.2-2ubuntu1)