Bug#901572: acccheck: CVE-2018-12268: Patch proposal
Raphael Hertzog
hertzog at debian.org
Mon Sep 3 10:07:08 BST 2018
Control: affects 904200 acccheck
On Mon, 03 Sep 2018, phil at reseau-libre.net wrote:
> I've updated the acccheck.pl behavior to correct (i hope) the
> CVE-2018-12268. User and password input files are sanitized before any use
> in the generated commandline string. The patch is given attached to this
> mail.
FWIW, I requested the removal of the package a while ago:
https://bugs.debian.org/904200
And this is not the only security issue in that script... there's no point
in spending any time on this issue.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
More information about the Pkg-security-team
mailing list