Control: tags -1 + patch I've pushed a proposed fix for this security issue to the packaging repo git://anonscm.debian.org/collab-maint/devscripts.git as the branch CVE-2013-7085-ruin-someones-yuletide
One commit, see http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commit;h=f3b48a97d10fce5bb368b3af195b3c1cdb09e4b2 It's kind of a large commit for a small issue. Mostly because the "wrap shell commands in backticks, and hope for the best" approach is open for multiple potential issues, and I would like to remove them all. The change also fixes a second bug, where one could not exclude a non-empty top level directory, but had to use "somedirectory/*". -- Stig Sandbeck Mathisen _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
