[devscripts] 01/01: Retrospectively add now assigned CVE for shell injection vulnerability

Salvatore Bonaccorso carnil at debian.org
Sun Aug 2 07:14:02 UTC 2015


This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch master
in repository devscripts.

commit 55a22e00f9a43972b04d257eda40ce014b2b23dd
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sun Aug 2 09:09:00 2015 +0200

    Retrospectively add now assigned CVE for shell injection vulnerability
    
    Gbp-Dch: Ignore
---
 debian/changelog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 3ff016f..87ea8d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
 devscripts (2.15.7) unstable; urgency=medium
 
   * licensecheck:
-    + Use Dpkg::IPC to run file to avoid shell injection.  (Closes: #794260)
+    + Use Dpkg::IPC to run file to avoid shell injection.
+      (Closes: #794260, CVE-2015-5704)
     + Change whitelist of mime types to greylist of encodings.  Restores
       ability to check files with mime types like text/x-c++ and
       application/postscript.  Thanks to Jonas Smedegaard for the patch.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git



More information about the devscripts-devel mailing list