Package: devscripts Version: 2.13.5 Severity: grave Tags: security Justification: user security hole
The newfangled debian/copyright-driven repacking can be exploited by malicious upstream to execute arbitrary code. Proof of concept is attached.
-- Jakub Wilk
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files-Excluded: dummy
foo-42.tar.gz
Description: Binary data
_______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
