Bug#901572: acccheck: CVE-2018-12268: Patch proposal
Phil.
phil at reseau-libre.net
Mon Sep 3 11:24:38 BST 2018
Okay,
From what I've seen, the code is effectively just horrible !
Thanks for adding the affect tag, as I've haven't seen the removal request.
Cheers,
Le 3 septembre 2018 11:07:08 GMT+02:00, Raphael Hertzog <hertzog at debian.org> a écrit :
>Control: affects 904200 acccheck
>
>On Mon, 03 Sep 2018, phil at reseau-libre.net wrote:
>> I've updated the acccheck.pl behavior to correct (i hope) the
>> CVE-2018-12268. User and password input files are sanitized before
>any use
>> in the generated commandline string. The patch is given attached to
>this
>> mail.
>
>FWIW, I requested the removal of the package a while ago:
>https://bugs.debian.org/904200
>
>And this is not the only security issue in that script... there's no
>point
>in spending any time on this issue.
>
>Cheers,
>--
>Raphaël Hertzog ◈ Debian Developer
>
>Support Debian LTS: https://www.freexian.com/services/debian-lts.html
>Learn to master Debian: https://debian-handbook.info/get/
--
O Philippe Thierry.
/Y\/ GPG: 7010 9a3c e210 763e 6341 4581 c257 b91b cdaf c1ea
o#o
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-security-team/attachments/20180903/f80e0832/attachment.html>
More information about the Pkg-security-team
mailing list