Bug#794365: devscripts: licensecheck: CVE-2015-5705: argument injection vulnerability
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 2 07:20:34 UTC 2015
Package: devscripts
Version: 2.15.5
Severity: important
Tags: security
Control: retitle 794260 devscripts: licensecheck: CVE-2015-5704: shell injection vulnerability
Hi,
On Fri, Jul 31, 2015 at 09:32:33PM +0200, Jakub Wilk wrote:
> (If the variable were expanded by shell, command injection wouldn't be even
> possible. You could still exploit argument injection, but that's less
> exciting.)
Let's open this to a new bug, since not fixed with #794260.
CVE-2015-5705 was assigned to the argument injection vulnerability,
see http://www.openwall.com/lists/oss-security/2015/08/01/7.
Regards,
Salvatore
More information about the devscripts-devel
mailing list