Red Hat Bugzilla – Bug 1249635
CVE-2015-5704 devscripts: arbitrary shell command injection
Last modified: 2015-08-15 06:34:47 EDT
In scripts/licensecheck.pl, the following code is executed, which is vulnerable to shell command injection via shell metacharacters in the filename:
my $mime = `file --brief --mime --dereference $file`;
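Added example (not part of the original report, and not the devscripts fix): a hardened Perl equivalent of the call above, using the list form of open() so that no shell ever parses the filename. The helper name mime_of, the constructed sample filename and the "--" separator are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hardened replacement for the backtick call. With a mode of '-|' and the
# command given as a list, Perl executes file(1) directly, so $file reaches
# it as exactly one argv element and /bin/sh is never involved.
sub mime_of {
    my ($file) = @_;
    # "--" ends option parsing, so a name beginning with "-" is not
    # interpreted as an option to file(1) (assumes getopt-style parsing).
    open(my $fh, '-|', 'file', '--brief', '--mime', '--dereference', '--', $file)
        or die "cannot run file(1): $!";
    my $mime = <$fh>;
    close($fh);
    die "file(1) produced no output for '$file'\n" unless defined $mime;
    chomp $mime;
    return $mime;
}

# Constructed sample input: a file whose name contains shell metacharacters.
my $dir  = tempdir(CLEANUP => 1);
my $name = "$dir/sample; echo INJECTED.txt";
open(my $out, '>', $name) or die "cannot create sample file: $!";
print {$out} "plain text\n";
close($out);

# Vulnerable form from the report, kept as a comment for contrast:
#   my $mime = `file --brief --mime --dereference $file`;
# Backticks hand the interpolated string to /bin/sh, which would split the
# name above at ";" and treat the remainder as a second command.

# The hardened call reports the MIME type of the oddly named file itself.
print mime_of($name), "\n";
```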
Created devscripts tracking bugs for this issue:
Affects: fedora-all [bug 1249636]
devscripts-2.15.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
devscripts-2.15.8-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.