Hi there,
Has a Debian CVE been filed for this bug? Might be present in other distros
too, so could be useful to publish one.
Thanks,
Haoxi
On Tue, 8 Mar 2022 at 06:08, Marc Haber
wrote:
> Control: outlook -1 write test case, fix issue
> thanks
>
> On Tue, Sep 17, 2019 at 01:22:46PM +,
Control: outlook -1 write test case, fix issue
thanks
On Tue, Sep 17, 2019 at 01:22:46PM +, Haoxi Tan wrote:
> A command injection vulnerability has been found in the deluser
> program in the adduser package.
Embarrassing. My own bug. system() should never be used with a string,
just with an
Package: adduser
Version: 3.118
Severity: important
Dear Maintainer,
A command injection vulnerability has been found in the deluser program in the
adduser package.
When deleteing a user via deluser with dangerous characters in its name (such
as / and ;), the
commands injected are interpreted
3 matches
Mail list logo