oss-sec mailing list archives
CVE Request: devscripts (uscan) broken handling of filenames with whitespace
From: Ratul Gupta <ratulg () redhat com>
Date: Thu, 12 Dec 2013 17:37:24 +0530
Hello, A flaw is reported in the uscan script of devscripts: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 From the bug:If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames containing whitespace. This can be abused my malicious upstream to delete files of their choice.
Can a CVE please be assigned to it? devscripts looks like it will be in the next fedora release.
-- Regards, Ratul Gupta / Red Hat Security Response Team
Current thread:
- CVE Request: devscripts (uscan) broken handling of filenames with whitespace Ratul Gupta (Dec 12)
- Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace cve-assign (Dec 12)