Date: Thu, 12 Dec 2013 17:37:24 +0530 From: Ratul Gupta <ratulg@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: devscripts (uscan) broken handling of filenames with whitespace Hello, A flaw is reported in the uscan script of devscripts: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 From the bug: If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames containing whitespace. This can be abused my malicious upstream to delete files of their choice. Can a CVE please be assigned to it? devscripts looks like it will be in the next fedora release. -- Regards, Ratul Gupta / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.