Control: reassign -1 src:util-linux 2.29.2-1
Control: tags -1 + upstream fixed-upstream

Thanks for reporting the issue!

On Tue, Mar 06, 2018 at 02:44:39PM +0100, Björn Bosselmann wrote:
> Package: bash-completion
> Version: 1:2.1-4.3
> Severity: grave
> Tags: security
>
> when bash-completion is installed, it uses
> /usr/share/bash-completion/completions/umount from umount package to
> provide autocompletion. This script does not escape mount paths
> correctly, so it allows a local user with rights to mount filesystems to
> execute commands in the context of the umount user (probably root).
> Unprivileged users can mount filesystems with custom mountpoints using
> udisks2, FUSE or with the help of desktop environments.

The umount completion is actually provided by util-linux (since 2.28-1
where it took over from bash-completion itself). I'm thus reassigning
it to src:util-linux. Then if the issue is present as well in
bash-completion earlier than 1:2.1-4.3, then 1:2.1-4.3 removed the
completion and would not be affected in the resulting binary packages
(source still might be).
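
The report above turns on mount paths reaching a shell unescaped. The following is an added example, not code from util-linux, bash-completion or this thread: it flags mount points containing shell metacharacters and shows a quoting helper that keeps such a path a single literal word. The function names `sample_mountinfo`, `risky_mountpoints` and `sh_quote` are hypothetical, and the mountinfo lines are constructed sample data.

```shell
#!/bin/sh
# Added illustration; not util-linux or bash-completion code.

# Constructed /proc/self/mountinfo-style sample (field 5 is the mount point).
sample_mountinfo() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
90 25 8:17 / /media/user/BACKUP\040DISK rw,nosuid,nodev shared:50 - vfat /dev/sdb1 rw
91 25 8:33 / /media/user/a$(true)b rw,nosuid,nodev shared:51 - vfat /dev/sdc1 rw
EOF
}

# Print mount points containing characters a shell would act on if the
# path were ever re-evaluated unquoted (detection side).
risky_mountpoints() {
    while read -r _id _parent _dev _root mp _rest; do
        case $mp in
            *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*|*'('*|*')'*)
                printf '%s\n' "$mp" ;;
        esac
    done
}

# Quote a string as one literal POSIX shell word (mitigation side):
# wrap it in single quotes and rewrite each embedded ' as '\''.
sh_quote() {
    q_in=$1 q_out= q_sq="'"
    while :; do
        case $q_in in
            *"$q_sq"*)
                q_head=${q_in%%"$q_sq"*}
                q_in=${q_in#*"$q_sq"}
                q_out="$q_out$q_head'\\''" ;;
            *)  q_out="$q_out$q_in"; break ;;
        esac
    done
    printf "'%s'" "$q_out"
}

# Demo: report risky mount points with their safely quoted form.
sample_mountinfo | risky_mountpoints | while IFS= read -r p; do
    printf 'risky: %s  quoted: %s\n' "$p" "$(sh_quote "$p")"
done
```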