
oss-sec mailing list archives

CVE request: devscripts (uscan) command execution flaw
From: Murray McAllister <mmcallis () redhat com>
Date: Wed, 11 Dec 2013 15:03:10 +1100

Good morning,

A flaw was reported in the uscan script of devscripts:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849

From that bug report:

""
The newfangled debian/copyright-driven repacking can be exploited by
malicious upstream to execute arbitrary code.
""

The fix:

http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5

Can a CVE please be assigned? (I guess this is not Debian specific,
devscripts looks like it is/will be in the next Fedora release.)

Thanks!

--
Murray McAllister / Red Hat Security Response Team

