Bug#1053098: unadf 0.7.11a-5 calls system() with unsanitized input

2023-09-28 Thread Salvatore Bonaccorso
Hi,

On Wed, Sep 27, 2023 at 01:19:31PM +0300, Jani Nikula wrote:
> Package: unadf
> Version: 0.7.11a-5
> Severity: grave
> Tags: security
> Justification: user security hole
> X-Debbugs-Cc: Debian Security Team
>
> Dear Maintainer,
>
> See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe

Bug#1053098: unadf 0.7.11a-5 calls system() with unsanitized input

2023-09-27 Thread Jani Nikula
Package: unadf
Version: 0.7.11a-5
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team

Dear Maintainer,

See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe extraction by using mkdir() instead of shell command") [1]. 'unadf' passes the directory