Bug#732006: uscan: broken handling of filenames with whitespace
Stig Sandbeck Mathisen
ssm at debian.org
Sun Dec 22 00:17:01 UTC 2013
Control: tags -1 + patch

I've pushed a proposed fix for this security issue to the packaging
repo git://anonscm.debian.org/collab-maint/devscripts.git as the
branch CVE-2013-7085-ruin-someones-yuletide

One commit, see
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commit;h=f3b48a97d10fce5bb368b3af195b3c1cdb09e4b2

It's kind of a large commit for a small issue. Mostly because the
"wrap shell commands in backticks, and hope for the best" approach is
open for multiple potential issues, and I would like to remove them
all.

The change also fixes a second bug, where one could not exclude a
non-empty top level directory, but had to use "somedirectory/*".

--
Stig Sandbeck Mathisen
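
The failure mode behind the "backticks" remark in the message above, as an added example that is not part of the original message and not code from devscripts or the referenced commit. The file name and the helper names are constructed, and printf(1) stands in for whatever command would be run on the file.

```perl
#!/usr/bin/perl
# Added illustration; not code from devscripts or from the commit above.
use strict;
use warnings;

# Constructed sample: a file name containing whitespace.
my $name = 'upstream notes.txt';

# Interpolating the name into a command string: the command line is
# re-parsed on whitespace, so the single name becomes two arguments.
sub args_via_backticks {
    my ($file) = @_;
    my $cmd = "printf '[%s]\\n' $file";
    my @seen = qx($cmd);
    chomp @seen;
    return @seen;
}

# List form of a piped open: no shell is involved and each list element
# reaches the program as exactly one argument.
sub args_via_list {
    my ($file) = @_;
    open(my $fh, '-|', 'printf', '[%s]\n', $file)
        or die "cannot run printf: $!";
    my @seen = <$fh>;
    close($fh) or die "printf failed: $?";
    chomp @seen;
    return @seen;
}

# Show how many arguments the command received in each case.
for my $case (['backticks', \&args_via_backticks],
              ['list form', \&args_via_list]) {
    my ($label, $run) = @$case;
    my @seen = $run->($name);
    printf "%-10s %d argument(s): %s\n", $label, scalar @seen, "@seen";
}
```

The same split applies to any command built by string interpolation, which is why a name with whitespace can make the command act on paths other than the intended file.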