Package: wnpp
Version: N/A; reported 2024-04-19
Severity: wishlist
* Package name : rcut
Version : 0.2.3
Upstream Author : Haoxi Tan
* URL : https://github.com/h4sh5/rcut/
* License : GPLv3
Description : rcut is a cut-like program written in Rust, with full string
delimiters and field index
2:46PM +0000, Haoxi Tan wrote:
> > A command injection vulnerability has been found in the deluser
> > program in the adduser package.
>
> Embarrassing. My own bug. system() should never be used with a string,
> just with an array, to avoid a shell being used to execute the code
Package: adduser
Version: 3.118
Severity: important
Dear Maintainer,
A command injection vulnerability has been found in the deluser program in the
adduser package.
When deleting a user via deluser with dangerous characters in its name (such
as / and ;), the commands injected are interpreted
3 matches