Bug#794365: devscripts: licensecheck: CVE-2015-5705: argument injection vulnerability

Salvatore Bonaccorso Sun, 02 Aug 2015 00:45:22 -0700

Control: tags -1 + patch

Hi


Attached is proposed patch.

Regards,
Salvatore

>From c0d5696cb26f44698018c046c619ec3bc320bbc0 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <car...@debian.org>
Date: Sun, 2 Aug 2015 09:24:09 +0200
Subject: [PATCH] licensecheck: Separate command line options for file utility
 and argument

CVE-2015-5705: argument injection vulnerability

Closes: #794365
---
 scripts/licensecheck.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/licensecheck.pl b/scripts/licensecheck.pl
index 358dc35..78d9fd7 100755
--- a/scripts/licensecheck.pl
+++ b/scripts/licensecheck.pl
@@ -323,7 +323,7 @@ while (@files) {
 
     # Encode::Guess does not work well, use good old file command to get file encoding
     my $mime;
-    spawn(exec => ['file', '--brief', '--mime', '--dereference', $file],
+    spawn(exec => ['file', '--brief', '--mime', '--dereference', '--', $file],
           to_string => \$mime,
           error_to_file => '/dev/null',
           nocheck => 1,
-- 
2.5.0

Bug#794365: devscripts: licensecheck: CVE-2015-5705: argument injection vulnerability

Reply via email to