-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : plexus-utils Version : 1:1.5.15-4+deb7u1 CVE ID : CVE-2017-1000487
Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.5.15-4+deb7u1. We recommend that you upgrade your plexus-utils packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpVPChfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRgog/6Ak5aJNkiCFG1xll7PqvRuPUmM/gBzxrRP2T79QvKb7eK6gD5Nh1i1NF7 SUPw8eiZFLrl5Ej3X3in6Al+abpfig4CFgjRPUwQ7TfotHAsTNTxlz/1t+fTwWKt kORgCiLPz4CeMMge0E2/bT8doJWpgDCBBYxX5kY6e9d7LPtfSZm9+uKrRdL/dPyT fJX9pjm4l8bTtouVHkRac5S++TAmzTSO5QrqQgU9GjE/gqxoODWb0XUyUxO5pd2P ETuqtB4DURmhe/ostD95pnQ/31qpN0dsk2C4Sqq9sMZa0s6k2T6dUnrMsfueZV2F Qf7IC9ox5TdrSQ8I5y0XwcYxJ9A9z5d38E8VlCqSSdWahmjdqvBghiGycPU02SUV 9eUdZhyobdg3WekJe3wfJgdR/gN7dHGBov7x/XS1JAwQ4YEOQuQ5HaiuDjfDnU3l 461KVRWrgYSIKUuZF/vAsTX2sy5lhoRWH8o23KSqzOGCFh8yJPjTBTWrvvcgpB7V O+Sfx1AC9CjzCSSiTldOPZeGIXpWpU7VGqjCuzcbs8QKJ00QQ0cPP14EZHKPHqis TYx1MA0ZsfoHpZZZjlaFwXIstW8DtUVNXemkas1/3SeDU79YwKM0eKotQ8vJy3yQ JSTF3fE+DM4Kiln9vc5Vk0HSFW9p82AAuEhtoe72vMWrrya/cN4= =46Px -----END PGP SIGNATURE-----
