Package: devscripts Version: 2.15.5 Severity: important Tags: security Control: retitle 794260 devscripts: licensecheck: CVE-2015-5704: shell injection vulnerability
Hi, On Fri, Jul 31, 2015 at 09:32:33PM +0200, Jakub Wilk wrote: > (If the variable were expanded by shell, command injection wouldn't be even > possible. You could still exploit argument injection, but that's less > exciting.) Let's open this to a new bug, since not fixed with #794260. CVE-2015-5705 was assigned to the argument injection vulnerability, see http://www.openwall.com/lists/oss-security/2015/08/01/7. Regards, Salvatore _______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel