David Bremner <[email protected]> writes: > Source: cxref > Version: 1.6e-3 > Severity: important > Tags: security > X-Debbugs-Cc: [email protected], Debian Security Team > <[email protected]> > > dh_elpa prior to 1.16 is vulnerable to a path-injection bug via > $HOME. Please do a sourceful upload to rebuild against dh_elpa > 2.x. This will have the additional advantage of allowing future > maintainer script bugs to be fixed without a sourceful upload. >
As far as I can tell, dh_elpa is not actually used. It will help the dh_elpa maintainers if you remove the unused build-dependency when closing this bug. d
signature.asc
Description: PGP signature
