Candidate: CVE-2012-5642
PublicDate: 2012-12-31 11:50:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5642
 http://www.openwall.com/lists/oss-security/2012/12/17/1
Description:
 server/action.py in Fail2ban before 0.8.8 does not properly handle the
 content of the matches tag, which might allow remote attackers to trigger
 unsafe behavior in a custom action file via unspecified symbols in this
 content.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696184
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_fail2ban:
 upstream: https://github.com/fail2ban/fail2ban/commit/83109bc
upstream_fail2ban: released (0.8.8)
hardy_fail2ban: ignored (reached end-of-life)
lucid_fail2ban: ignored (reached end-of-life)
oneiric_fail2ban: ignored (reached end-of-life)
precise_fail2ban: released (0.8.6-3wheezy2build0.12.04.1)
quantal_fail2ban: ignored (reached end-of-life)
raring_fail2ban: ignored (reached end-of-life)
saucy_fail2ban: not-affected (0.8.10-1)
trusty_fail2ban: not-affected (0.8.10-1)
trusty/esm_fail2ban: not-affected (0.8.10-1)
devel_fail2ban: not-affected (0.8.10-1)