In scripts/licensecheck.pl, there is code executed that is vulnerable to shell command injection via shell metacharacters in the filename:

    my $mime = `file --brief --mime --dereference $file`;

Upstream patch: https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8

CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/01/7
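An added example, not part of the original report and not the upstream patch: it contrasts the backtick call quoted above with a shell-free way to run file(1) and checks that awkward filenames stay literal. The helper name mime_of and the sample filenames are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Form quoted in the report: backticks pass the whole string to /bin/sh,
# so shell metacharacters in $file are interpreted by the shell.
#   my $mime = `file --brief --mime --dereference $file`;

# Hardened form (hypothetical helper): the list form of a pipe open execs
# file(1) directly, with no shell in between. "--" ends option parsing so a
# name that begins with "-" is not read as an option.
sub mime_of {
    my ($file) = @_;
    open(my $fh, '-|', 'file', '--brief', '--mime', '--dereference', '--', $file)
        or die "cannot run file(1): $!";
    my $mime = <$fh>;
    close($fh);
    chomp $mime if defined $mime;
    return $mime;
}

# Constructed sample input: filenames that a shell would not treat as plain text.
my $dir    = tempdir(CLEANUP => 1);
my $marker = "$dir/marker";
my @names  = ("plain.txt", "semi;touch marker", "-leading-dash", "sub\$(touch marker)");

for my $name (@names) {
    open(my $out, '>', "$dir/$name") or die "create $dir/$name: $!";
    print {$out} "sample text\n";
    close($out);
}

# Use relative names so the leading-dash case is exercised as well.
chdir $dir or die "chdir $dir: $!";
for my $name (@names) {
    printf "%-22s => %s\n", $name, mime_of($name) // '(no output)';
}

# If any filename had been interpreted by a shell, "marker" would now exist.
print -e $marker ? "FAIL: a filename was interpreted by the shell\n"
                 : "OK: all filenames were passed literally\n";
chdir '/' or die "chdir /: $!";   # leave the temp dir so cleanup can remove it
```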
Created devscripts tracking bugs for this issue: Affects: fedora-all [bug 1249636]
devscripts-2.15.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
devscripts-2.15.8-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.