Bug#732006: uscan: broken handling of filenames with whitespace

2013-12-22 Thread Stig Sandbeck Mathisen
On Sat, Dec 21, 2013 at 09:49:15PM -0500, James McCoy wrote: Thanks for the patch. We've addressed this by other means and are just pending some final review before uploading. Ok, I've removed the pushed topic branch again. Thanks for noticing that. I've made a change for this as well.

Bug#732006: uscan: broken handling of filenames with whitespace

2013-12-21 Thread Stig Sandbeck Mathisen
Control: tags -1 + patch I've pushed a proposed fix for this security issue to the packaging repo git://anonscm.debian.org/collab-maint/devscripts.git as the branch CVE-2013-7085-ruin-someones-yuletide One commit, see

Bug#732006: uscan: broken handling of filenames with whitespace

2013-12-21 Thread James McCoy
Control: tag -1 pending On Sun, Dec 22, 2013 at 01:17:01AM +0100, Stig Sandbeck Mathisen wrote: I've pushed a proposed fix for this security issue to the packaging repo git://anonscm.debian.org/collab-maint/devscripts.git as the branch CVE-2013-7085-ruin-someones-yuletide Thanks for the

Processed: Re: Bug#732006: uscan: broken handling of filenames with whitespace

2013-12-21 Thread Debian Bug Tracking System
Processing control commands: tag -1 pending Bug #732006 [devscripts] uscan: broken handling of filenames with whitespace (CVE-2013-7085) Added tag(s) pending. -- 732006: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#732006: uscan: broken handling of filenames with whitespace

2013-12-12 Thread Jakub Wilk
Package: devscripts Version: 2.13.5 Severity: grave Tags: security Justification: user security hole If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames containing whitespace. This can be abused by malicious upstream to delete files of their choice. Proof of concept (that