oss-sec mailing list archives

CVE request: devscripts (uscan) command execution flaw
From: Murray McAllister <mmcallis () redhat com>
Date: Wed, 11 Dec 2013 15:03:10 +1100

Good morning,

A flaw was reported in the uscan script of devscripts:


From that bug report:

The newfangled debian/copyright-driven repacking can be exploited by
malicious upstream to execute arbitrary code.

The fix:


Can a CVE please be assigned? (I guess this is not Debian specific,
devscripts looks like it is/will be in the next Fedora release.)


Murray McAllister / Red Hat Security Response Team
