Debian Security Advisory 1878 devscripts – missing input sanitation

34
Article Source Debian Security Advisories
September 1, 2009, 5:00 pm

Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible…

Read More