package: src:dash
severity: important
tags: security

Dash currently does not sanitize local variables, which differs from
the behavior in bash.

This can lead to issues when developers don't consider the difference
in behavior between dash and bash.  For example, this led to a
security issue in xdg-utils:
http://bugs.debian.org/777722

It would be preferable to match bash's behavior, but that probably
should a change pushed upstream.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to