oss-sec mailing list archives

CVE Request: devscripts (uscan) broken handling of filenames with whitespace


From: Ratul Gupta <ratulg () redhat com>
Date: Thu, 12 Dec 2013 17:37:24 +0530

Hello,

A flaw is reported in the uscan script of devscripts:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006

From the bug:

If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames containing whitespace. This can be abused by malicious upstream to delete files of their choice.

Can a CVE please be assigned to it? devscripts looks like it will be in the next Fedora release.

--
Regards,

Ratul Gupta / Red Hat Security Response Team

