Package: devscripts
Version: 2.10.64
Severity: important
File: /usr/bin/debsnap

Hi,

debsnap does not check that the filename obtained from snapshot.d.o does not contain dangerous characters such as "/". This means debsnap can be tricked into overwriting arbitrary files by sending a filename including directories.

Regards,
Ansgar

PS: I am working on an alternative implementation of debsnap which would solve this and several other issues. It still needs some work though.
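
An added example, not part of the original report and not debsnap's own code: one way a Perl download tool could validate a server-supplied file name before writing it. The helper names `safe_basename` and `open_download_target`, the allowlist pattern, and the sample names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: return the name only if it is a single path component
# built from characters seen in Debian source file names; otherwise undef.
sub safe_basename {
    my ($name) = @_;
    return unless defined $name && length $name;
    # Allowlist: must start with an alphanumeric (so no ".", "..", hidden
    # files or option-like "-x"), and contains no "/", NUL or control bytes.
    # \A and \z anchor the whole string; "$" would allow a trailing newline.
    return unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9.+~_-]*\z/;
    return $name;
}

# Hypothetical helper: create the file inside $destdir only. O_EXCL makes
# the open fail if anything (including a symlink) already exists at the path,
# so an existing file is never overwritten.
sub open_download_target {
    my ($destdir, $remote_name) = @_;
    my $name = safe_basename($remote_name)
        // die "refusing unsafe file name from server: '$remote_name'\n";
    my $path = File::Spec->catfile($destdir, $name);
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or die "cannot create $path: $!\n";
    return ($fh, $path);
}

# Constructed sample names standing in for values from a server response.
my $destdir = tempdir(CLEANUP => 1);
for my $remote_name ('hello_2.10-2.dsc', 'hello_2.10.orig.tar.gz',
                     '../outside.dsc', '/tmp/absolute.dsc',
                     'sub/dir.dsc', '..', '') {
    my ($fh, $path) = eval { open_download_target($destdir, $remote_name) };
    if ($fh) { close $fh; print "accepted: $path\n" }
    else     { print "rejected: $@" }
}
```

Only the first two sample names are accepted; every name containing a directory separator, plus "..", and the empty string, is rejected before any path is built.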