Bug#901572: acccheck: CVE-2018-12268: Patch proposal
phil at reseau-libre.net
Mon Sep 3 08:25:09 BST 2018
tags 901572 + patch
user phil at reseau-libre.net
usertags pkg-security-team
thanks
Hello,
I've updated the acccheck.pl behavior to correct (I hope) the
CVE-2018-12268. User and password input files are sanitized before any
use in the generated commandline string. The patch is attached to
this mail.
Nevertheless, the package doesn't have separate branches for stretch
and unstable releases, which leads to d/changelog files being denoted as
targeting 'unstable' even in the stretch package. In the given
patch, the only missing point is the "stretch-security" naming of the
target, as it would be better to separate into two branches first.
Cheers,
--
Philippe Thierry.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remote_injection_bugfix.debdiff
Type: text/x-diff
Size: 2549 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-security-team/attachments/20180903/b1f758c5/attachment.diff>