tag 794260 pending
thanks
Hello,
Bug #794260 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/devscripts.git;a=commitdiff;h=c0687bc
---
commit c0687bcde23108dd42e146573c368b6905e6b8e8
Author: James McCoy <[email protected]>
Date: Fri Jul 31 19:56:36 2015 -0400
licensecheck: Use Dpkg::IPC to run file command
The command being run through `` allowed the shell to interpret the
given file argument, which allows arbitrary command execution. Using
Dpkg::IPC avoids the shell, directly executing file.
Closes: #794260
Signed-off-by: James McCoy <[email protected]>
diff --git a/debian/changelog b/debian/changelog
index a9cd9cb..6536846 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+devscripts (2.15.7) UNRELEASED; urgency=medium
+
+ * licensecheck:
+ + Use Dpkg::IPC to run file to avoid shell injection. (Closes: #794260)
+
+ -- James McCoy <[email protected]> Fri, 31 Jul 2015 19:53:04 -0400
+
devscripts (2.15.6) unstable; urgency=medium
[ Paul Wise ]
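Review bot: The new entry `+ Use Dpkg::IPC to run file to avoid shell injection.` understates what the commit message describes, which is arbitrary command execution through the file argument passed to licensecheck. Consider saying so in the changelog line, for example "to avoid arbitrary command execution via crafted file names", so that anyone triaging from the changelog alone recognises this as a security fix. Also check that `urgency=medium` on the 2.15.7 stanza is the intended urgency for such a fix. Only the debian/changelog hunk is visible here, so the licensecheck change itself has to be reviewed in the linked commitdiff.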
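The backtick problem described in the commit message, shown next to a shell-free call, as an added example that is not code from devscripts or from the commit. It uses Perl's core list-form pipe `open` as a stand-in for Dpkg::IPC; the function names, the `file` options and the sample file name are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not devscripts code): running file(1) with and without a shell.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Pattern described in the commit message: the file name is interpolated
# into backticks, so /bin/sh parses it before file(1) ever runs.
sub mime_type_unsafe {
    my ($path) = @_;
    my $out = `file --brief --mime-type $path` // '';
    chomp $out;
    return $out;
}

# Hardened form: list-form pipe open hands each argument directly to
# execvp(), so no shell sees $path. "--" ends option parsing, which also
# keeps a name starting with "-" from being read as an option.
sub mime_type_safe {
    my ($path) = @_;
    open(my $fh, '-|', 'file', '--brief', '--mime-type', '--', $path)
        or die "cannot run file: $!";
    my $out = do { local $/; <$fh> } // '';
    close($fh) or warn "file exited with status $?\n";
    chomp $out;
    return $out;
}

# Constructed sample input: a regular text file whose name contains a
# shell command separator.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/notes.txt; echo INJECTED";
open(my $w, '>', $path) or die "cannot create sample file: $!";
print {$w} "plain text\n";
close $w;

# The unsafe call splits at ";" and runs the trailing echo, so the marker
# shows up in its output; the safe call reports the MIME type of the file.
print "unsafe: ", join(' | ', split /\n/, mime_type_unsafe($path)), "\n";
print "safe:   ", mime_type_safe($path), "\n";
```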