package: src:dash severity: important tags: security Dash currently does not sanitize local variables, which differs from the behavior in bash.
This can lead to issues when developers don't consider the difference in behavior between dash and bash. For example, this led to a security issue in xdg-utils: http://bugs.debian.org/777722 It would be preferable to match bash's behavior, but that probably should a change pushed upstream. Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

