Bug#731849: uscan: arbitrary code execution
Jakub Wilk
jwilk at debian.org
Tue Dec 10 13:40:23 UTC 2013
Package: devscripts
Version: 2.13.5
Severity: grave
Tags: security
Justification: user security hole

The newfangled debian/copyright-driven repacking can be exploited by
malicious upstream to execute arbitrary code. Proof of concept is
attached.
--
Jakub Wilk
-------------- next part --------------
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Files-Excluded:
dummy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: foo-42.tar.gz
Type: application/octet-stream
Size: 152 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20131210/3c0e30aa/attachment.obj>