Bug#801398: [Patch] Replace Dpkg::IPC::spawn with IPC::Run::run
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 9 17:36:21 UTC 2015
Hi,
On Fri, Oct 09, 2015 at 05:22:16PM +0200, Sandro Mani wrote:
> Some time back licensecheck grew a dependency on Dpkg::IPC [1], which on
> Fedora causes the "devscripts-minimal" package (which includes licensecheck)
> to pull in dpkg. I'd like to propose the patch below to reduce the
> dependency load:
[...]
If this is changed, one needs to make sure that CVE-2015-5705 /
#794365 isn't reintroduced (argument injection vulnerability).
Regards,
Salvatore
More information about the devscripts-devel
mailing list