Bug#731849: uscan: arbitrary code execution

Tue, 10 Dec 2013 05:45:59 -0800 

Package: devscripts
Version: 2.13.5
Severity: grave
Tags: security
Justification: user security hole
The newfangled debian/copyright-driven repacking can be exploited by malicious upstream to execute arbitrary code. Proof of concept is attached. 

--
Jakub Wilk

Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Files-Excluded:
 dummy

Attachment: foo-42.tar.gz
Description: Binary data

Reply via email to