Okay, From what I've seen, the code is effectively just horrible !
Thanks for adding the affect tag, as I've haven't seen the removal request. Cheers, Le 3 septembre 2018 11:07:08 GMT+02:00, Raphael Hertzog <hert...@debian.org> a écrit : >Control: affects 904200 acccheck > >On Mon, 03 Sep 2018, p...@reseau-libre.net wrote: >> I've updated the acccheck.pl behavior to correct (i hope) the >> CVE-2018-12268. User and password input files are sanitized before >any use >> in the generated commandline string. The patch is given attached to >this >> mail. > >FWIW, I requested the removal of the package a while ago: >https://bugs.debian.org/904200 > >And this is not the only security issue in that script... there's no >point >in spending any time on this issue. > >Cheers, >-- >Raphaël Hertzog ◈ Debian Developer > >Support Debian LTS: https://www.freexian.com/services/debian-lts.html >Learn to master Debian: https://debian-handbook.info/get/ -- O Philippe Thierry. /Y\/ GPG: 7010 9a3c e210 763e 6341 4581 c257 b91b cdaf c1ea o#o