Control: tags -1 + patch Hi
Attached is proposed patch. Regards, Salvatore
>From c0d5696cb26f44698018c046c619ec3bc320bbc0 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso <car...@debian.org> Date: Sun, 2 Aug 2015 09:24:09 +0200 Subject: [PATCH] licensecheck: Separate command line options for file utility and argument CVE-2015-5705: argument injection vulnerability Closes: #794365 --- scripts/licensecheck.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/licensecheck.pl b/scripts/licensecheck.pl index 358dc35..78d9fd7 100755 --- a/scripts/licensecheck.pl +++ b/scripts/licensecheck.pl @@ -323,7 +323,7 @@ while (@files) { # Encode::Guess does not work well, use good old file command to get file encoding my $mime; - spawn(exec => ['file', '--brief', '--mime', '--dereference', $file], + spawn(exec => ['file', '--brief', '--mime', '--dereference', '--', $file], to_string => \$mime, error_to_file => '/dev/null', nocheck => 1, -- 2.5.0
_______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel