Package: devscripts Version: 2.15.5 Severity: important Tags: security Control: retitle 794260 devscripts: licensecheck: CVE-2015-5704: shell injection vulnerability
Hi, On Fri, Jul 31, 2015 at 09:32:33PM +0200, Jakub Wilk wrote: > (If the variable were expanded by shell, command injection wouldn't be even > possible. You could still exploit argument injection, but that's less > exciting.) Let's open this to a new bug, since not fixed with #794260. CVE-2015-5705 was assigned to the argument injection vulnerability, see http://www.openwall.com/lists/oss-security/2015/08/01/7. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
