Package        : plexus-utils2
Version        : 2.0.5-1+deb7u1
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands.

For Debian 7 "Wheezy", these problems have been fixed in version 2.0.5-1+deb7u1.

We recommend that you upgrade your plexus-utils2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
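The class of flaw described above, as an added Python illustration (not code from plexus-utils2 or from this advisory): wrapping an argument in double quotes without escaping its contents still lets a POSIX shell expand it, while single-quote escaping passes it through verbatim. The function names and sample arguments are constructed for the example, and it assumes /bin/sh is available.

```python
import shlex
import subprocess

# Constructed sample arguments; the expansions are harmless (echo, $HOME).
SAMPLES = [
    "report.txt",
    "two words",
    "it's",
    'say "hi"',
    "$HOME",
    "$(echo INJECTED)",
    "`echo INJECTED`",
]


def naive_double_quote(arg):
    """Flawed pattern: wrap in double quotes and escape nothing inside."""
    return '"' + arg + '"'


def single_quote(arg):
    """Hardened pattern: single quotes switch off every expansion; an
    embedded ' becomes '\\'' (close quote, escaped quote, reopen quote)."""
    return "'" + arg.replace("'", "'\\''") + "'"


def shell_roundtrip(quote, arg):
    """Run `printf %s <quoted arg>` under /bin/sh; return what printf got."""
    line = "printf %s " + quote(arg)
    done = subprocess.run(["/bin/sh", "-c", line],
                          capture_output=True, text=True, timeout=5)
    return done.stdout


def altered_by_shell(quote, args=SAMPLES):
    """Arguments the shell changed, i.e. where the quoting failed."""
    return [a for a in args if shell_roundtrip(quote, a) != a]


if __name__ == "__main__":
    for fn in (naive_double_quote, single_quote, shlex.quote):
        print(fn.__name__, "->", altered_by_shell(fn))
```

Any argument listed for a quoting function is one the shell rewrote before the program saw it; the same round-trip check can be used as a regression test for code that builds shell command lines.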
