Package: devscripts
Version: 2.10.64
Severity: important
File: /usr/bin/debsnap

Hi,

debsnap does not check that the filename obtained from snapshot.d.o does not contain dangerous characters such as "/". This means debsnap can be tricked into overwriting arbitrary files by sending a filename including directories.

Regards,
Ansgar

PS: I am working on an alternative implementation of debsnap which would solve this and several other issues. It still needs some work though.
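
The missing check described in the report, as an added example: it is written in Python for illustration and is neither debsnap's own code nor the reporter's alternative implementation. The function names safe_target and save_download, the allowed character set, and the sample names are assumptions made for this example.

```python
import os
import re
import tempfile

# Assumption: downloaded source-package files (.dsc, .orig.tar.gz, .diff.gz, ...)
# only need this conservative character set and never start with a dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+~_-]*\Z")

def safe_target(destdir, remote_name):
    """Map a server-supplied file name to a path inside destdir, or raise ValueError."""
    if not isinstance(remote_name, str) or not SAFE_NAME.match(remote_name):
        raise ValueError("unsafe filename from server: %r" % (remote_name,))
    base = os.path.realpath(destdir)
    resolved = os.path.realpath(os.path.join(base, remote_name))
    # Defence in depth: after resolving symlinks, the target must still be
    # a direct child of the destination directory.
    if os.path.dirname(resolved) != base:
        raise ValueError("filename escapes destination: %r" % (remote_name,))
    return os.path.join(base, remote_name)

def save_download(destdir, remote_name, data):
    """Write data under destdir using the validated name; never overwrite."""
    path = safe_target(destdir, remote_name)
    # O_EXCL makes the open fail if the path already exists, including the
    # case where it is a symlink, so an existing file is never replaced.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    # Constructed sample names, standing in for what a server response lists.
    names = ["hello_2.10-2.dsc", "../outside.txt", "/tmp/abs.dsc",
             "sub/dir.tar.gz", "..", ".hidden", ""]
    results = {}
    with tempfile.TemporaryDirectory() as destdir:
        for name in names:
            try:
                save_download(destdir, name, b"constructed payload")
                results[name] = "saved"
            except ValueError:
                results[name] = "rejected"
        results["files"] = sorted(os.listdir(destdir))
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```
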
