Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-2914

fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.

Related bugs and status

CVE-2014-2914 (Candidate) is related to these bugs:

Bug #1282631: Security update: fish version 2.1.1

		In	Importance	Status
1282631	Security update: fish version 2.1.1	fish (Ubuntu)	Undecided	Fix Released
1282631	Security update: fish version 2.1.1	fish (Debian)	Unknown	Fix Released
1282631	Security update: fish version 2.1.1	fish (Ubuntu Trusty)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/fis...
MISC: http://www.openwall.co...