Control: reassign -1 src:util-linux 2.29.2-1
Control: tags -1 + upstream fixed-upstream

Hi Björn

Thanks for reporting the issue!

On Tue, Mar 06, 2018 at 02:44:39PM +0100, Björn Bosselmann wrote:
> Package: bash-completion
> Version: 1:2.1-4.3
> Severity: grave
> Tags: security
> Hi,
> when bash-completion is installed, it uses
> /usr/share/bash-completion/completions/umount from umount package to
> provide autocompletion. This script does not escape mount paths
> correctly, so it allows a local user with rights to mount filesystems to
> execute commands in the context of the umount user (probably root).
> Unprivileged users can mount filesystems with custom mountpoints using
> udisks2, FUSE or with the help of desktop environments.

The umount completion is actually provided by util-linux (since 2.28-1
where it took over from bash-completion itself). I'm thus reassigning
it to src:util-linux. Then if the issue is present as well in
bash-completion earlier than 1:2.1-4.3, then 1:2.1-4.3 removed the
completion and would not be affected in the resulting binary packages
(source still might be).

