oss-sec mailing list archives
Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace
From: cve-assign () mitre org
Date: Thu, 12 Dec 2013 22:25:36 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames containing whitespace. This can be abused my malicious upstream to delete files of their choice.
Use CVE-2013-7085. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSqnyLAAoJEKllVAevmvmspLgIALFtX//Ly03mk4N40kjk88en YndflL0ZwPDDcZPd59CgyUaNOaOYGq+NsVFzrAacLA88Xnt76zHe7gT2EXHOYl4y iaigFLDzsbYTW1kY1+A9lTn96LhVyGhGlr1sUyGWdV0js6BuTOf1qon3DNheTSRk MEHsc6dl2bmxVCCsPl3un81tWP8GUQKqx5Z4f520Uwobild3UHwJM6rWfmsTPuif kzpjvV+s1oG+vx4gLagg3IJ/IaD6ujlI2iw7fx8thc26ikcbPiHQHIGhKQWgXMYn k1JyMZBizx/9gBCk9g/7dCp8SQTFI/fPAugsJWQGPcv/sQ59T1G8+T37Ph/rUaE= =k0jK -----END PGP SIGNATURE-----
Current thread:
- CVE Request: devscripts (uscan) broken handling of filenames with whitespace Ratul Gupta (Dec 12)
- Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace cve-assign (Dec 12)