CVE-2013-7050

Published: 13 December 2013

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

Priority

Medium

Status

Package Release Status
devscripts
Launchpad, Ubuntu, Debian
Upstream
Released (2.13.8)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(2.13.8git1)
Patches:
Upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5