tnozaki / NetBSD / issues / #289 - [tnozaki-openssl] CVE-2022-2068 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection (not discovered CVE-2022-1292) — Bitbucket

Issue #289 resolved

Takehiko NOZAKI repo owner created an issue 2022-07-30

https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2068

Comments (1)

Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#289~~ - CVE-2022-2068 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection (not discovered CVE-2022-1292)

patch obtained from(modified by me): https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7

original commit message:

Fix file operations in c_rehash. CVE-2022-2068

Reviewed-by: Matt Caswell matt@openssl.org Reviewed-by: Richard Levitte levitte@openssl.org

→ <<cset 6ba7ef72a6c4>>
- 2022-08-11T09:46:04+00:00
Log in to comment

Assignee: Takehiko NOZAKI

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1