CVE-2014-8630

NameCVE-2014-8630
DescriptionBugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs669643

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcesqueeze(unfixed)end-of-life
bugzillasource(unstable)(unfixed)
bugzilla4ITP669643

Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1079065

Search for package or bug name: Reporting problems