Your message dated Mon, 23 Aug 2021 19:02:50 +0100 with message-id <CABwkT9oCt8514fY4S94-26rhzfYj=kepnd5q+_kgamejxlk...@mail.gmail.com> and subject line has caused the Debian Bug report #753972, regarding shellcheck: detect possibility of argument injection to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 753972: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753972 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: shellcheck Version: 0.3.3-1 Severity: wishlist Please check for the possibility of argument injection. Here are some examples of when that can occur and not occur. [1] is an example of how this can be exploited and [2] has an explanation of the issue. cp "$file" "$target" # bad cp -- "$file" "$target" # good cp "./$i" /target # good # bad for i in *.txt; do cp "$i" /target done # good for i in ./*.txt; do cp "$i" /target done 1. http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt 2. http://mywiki.wooledge.org/BashPitfalls#cp_.24file_.24target -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (700, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages shellcheck depends on: ii libc6 2.19-4 ii libffi6 3.1-2 ii libgmp10 2:6.0.0+dfsg-4 shellcheck recommends no packages. shellcheck suggests no packages. -- no debconf information -- bye, pabs http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Hello, Thank you for reporting this, unfortunately this is not related to the packaging of shellcheck and depends on the upstream, I'm closing this bugreport, please forward it to upstream if you're interested in it. Regards, -- Samuel Henrique <samueloph>
--- End Message ---
_______________________________________________ Pkg-haskell-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-haskell-maintainers
