[ubuntu-mono] [Bug 691780] [NEW] Security vulnerability allows violation of the type system and possibly execution of arbitrary code
Chris Howie
691780 at bugs.launchpad.net
Sat Dec 18 02:47:10 UTC 2010
*** This bug is a security vulnerability ***
Private security bug reported:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/
A bug in generics allows violation of the type system. When paired with
delegate types, this may allow a crafted Moonlight application to
execute arbitrary code. 2.3.0.1 is the most recent version and is
currently the only 2.x version free of this bug.
** Affects: moon (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** Visibility changed to: Private
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4254
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is a direct subscriber.
https://bugs.launchpad.net/bugs/691780
Title:
Security vulnerability allows violation of the type system and possibly execution of arbitrary code
Status in “moon” package in Ubuntu:
New
Bug description:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/
A bug in generics allows violation of the type system. When paired with delegate types, this may allow a crafted Moonlight application to execute arbitrary code. 2.3.0.1 is the most recent version and is currently the only 2.x version free of this bug.
More information about the Ubuntu-mono
mailing list