Candidate: CVE-2012-5534
PublicDate: 2012-12-03 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5534
 http://www.openwall.com/lists/oss-security/2012/11/19
Description:
 The hook_process function in the plugin API for WeeChat 0.3.0 through
 0.3.9.1 allows remote attackers to execute arbitrary commands via shell
 metacharacters in a command from a plugin, related to "shell expansion."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_weechat:
 upstream: http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a
upstream_weechat: released (0.3.9.2-1)
hardy_weechat: ignored (reached end-of-life)
lucid_weechat: ignored (reached end-of-life)
oneiric_weechat: ignored (reached end-of-life)
precise_weechat: ignored (reached end-of-life)
precise/esm_weechat: DNE (precise was needed)
quantal_weechat: ignored (reached end-of-life)
raring_weechat: not-affected (0.3.9.2-1)
saucy_weechat: not-affected (0.3.9.2-1)
trusty_weechat: not-affected (0.3.9.2-1)
trusty/esm_weechat: DNE (trusty was not-affected [0.3.9.2-1])
utopic_weechat: not-affected (0.3.9.2-1)
vivid_weechat: not-affected (0.3.9.2-1)
vivid/stable-phone-overlay_weechat: DNE
vivid/ubuntu-core_weechat: DNE
wily_weechat: not-affected (0.3.9.2-1)
xenial_weechat: not-affected (0.3.9.2-1)
yakkety_weechat: not-affected (0.3.9.2-1)
zesty_weechat: not-affected (0.3.9.2-1)
devel_weechat: not-affected (0.3.9.2-1)