oss-sec mailing list archives

Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace

From: cve-assign () mitre org
Date: Thu, 12 Dec 2013 22:25:36 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If USCAN_EXCLUSION is enabled, uscan doesn't correctly handle filenames
containing whitespace. This can be abused my malicious upstream to
delete files of their choice.


Use CVE-2013-7085.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSqnyLAAoJEKllVAevmvmspLgIALFtX//Ly03mk4N40kjk88en
YndflL0ZwPDDcZPd59CgyUaNOaOYGq+NsVFzrAacLA88Xnt76zHe7gT2EXHOYl4y
iaigFLDzsbYTW1kY1+A9lTn96LhVyGhGlr1sUyGWdV0js6BuTOf1qon3DNheTSRk
MEHsc6dl2bmxVCCsPl3un81tWP8GUQKqx5Z4f520Uwobild3UHwJM6rWfmsTPuif
kzpjvV+s1oG+vx4gLagg3IJ/IaD6ujlI2iw7fx8thc26ikcbPiHQHIGhKQWgXMYn
k1JyMZBizx/9gBCk9g/7dCp8SQTFI/fPAugsJWQGPcv/sQ59T1G8+T37Ph/rUaE=
=k0jK
-----END PGP SIGNATURE-----

Current thread:

CVE Request: devscripts (uscan) broken handling of filenames with whitespace Ratul Gupta (Dec 12)
- Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace cve-assign (Dec 12)