CVE-2013-7050
Published: 13 December 2013
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 2.13.5 |
Priority
Status
Package | Release | Status |
---|---|---|
devscripts Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
(2.13.4)
|
|
upstream |
Released
(2.13.8)
|
|
Patches: upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5 |