Candidate: CVE-2013-2184
PublicDate: 2015-03-27 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2184
 http://www.openwall.com/lists/oss-security/2013/06/14/1
 http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e
 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
Description:
 Movable Type before 5.2.6 does not properly use the Storable::thaw
 function, which allows remote attackers to execute arbitrary code via the
 comment_state parameter.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712602
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_movabletype-opensource:
upstream_movabletype-opensource: released (5.2.6)
lucid_movabletype-opensource: ignored (reached end-of-life)
precise_movabletype-opensource: ignored (reached end-of-life)
precise/esm_movabletype-opensource: DNE (precise was needs-triage)
quantal_movabletype-opensource: ignored (reached end-of-life)
raring_movabletype-opensource: ignored (reached end-of-life)
saucy_movabletype-opensource: ignored (reached end-of-life)
trusty_movabletype-opensource: not-affected (5.2.9+dfsg-1)
trusty/esm_movabletype-opensource: DNE (trusty was not-affected [5.2.9+dfsg-1])
utopic_movabletype-opensource: not-affected (5.2.9+dfsg-1)
vivid_movabletype-opensource: DNE
vivid/stable-phone-overlay_movabletype-opensource: DNE
vivid/ubuntu-core_movabletype-opensource: DNE
wily_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
yakkety_movabletype-opensource: DNE
zesty_movabletype-opensource: DNE
devel_movabletype-opensource: DNE