[MacPorts] #55439: bzr: Backport fix for CVE-2017-14176
MacPorts
noreply at macports.org
Thu Nov 30 16:09:27 UTC 2017
#55439: bzr: Backport fix for CVE-2017-14176
----------------------+--------------------
Reporter: raimue | Owner: raimue
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Keywords: security | Port: bzr
----------------------+--------------------
Upstream issue: https://bugs.launchpad.net/bzr/+bug/1710979
{{{
Bazaar suffers from the same bug that affects Mercurial and Git:
A hostname that starts with a - is passed on verbatim to the ssh command,
which means that the host bit in the URL can be used to set arbitrary SSH
options.
E.g. bzr log "bzr+ssh://-oProxyCommand=ls/path"
Presumably this only affects users that are using the Subprocess SSH
vendor, and not those using the Paramiko SSH Vendor.
}}}
--
Ticket URL: <https://trac.macports.org/ticket/55439>
MacPorts <https://www.macports.org/>
Ports system for macOS
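
One way to guard against the option injection described in the ticket, shown as an added example (not code from bzr, MacPorts or the upstream fix): validate the URL's host and user before they reach a subprocess ssh client. The helper name `ssh_argv_from_url`, the allow-list patterns and the default remote command are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Allow-lists (assumed policy): neither value may start with "-".
# ":" in the host pattern permits IPv6 literals such as ::1.
_SAFE_HOST = re.compile(r"[0-9A-Za-z:][0-9A-Za-z.:_-]*")
_SAFE_USER = re.compile(r"[0-9A-Za-z_][0-9A-Za-z._-]*")


class UnsafeSSHTarget(ValueError):
    """The URL's host or user could be read by ssh as a command-line option."""


def ssh_argv_from_url(url, remote_command=("bzr", "serve", "--inet")):
    """Return an argv list for a subprocess ssh client, or raise.

    Hypothetical helper; remote_command is a constructed sample value.
    """
    parts = urlsplit(url)
    if parts.scheme != "bzr+ssh":
        raise ValueError("unsupported scheme: %r" % parts.scheme)

    # Decode before validating so "%2D" cannot smuggle in a leading "-".
    host = unquote(parts.hostname or "")
    user = unquote(parts.username) if parts.username is not None else None

    if not _SAFE_HOST.fullmatch(host):
        raise UnsafeSSHTarget("refusing host %r" % host)
    if user is not None and not _SAFE_USER.fullmatch(user):
        raise UnsafeSSHTarget("refusing user %r" % user)

    argv = ["ssh"]
    if parts.port is not None:
        argv += ["-p", str(parts.port)]
    if user is not None:
        argv += ["-l", user]
    # "--" ends option parsing in OpenSSH's getopt-based CLI; other ssh
    # clients may not honour it, so the allow-list above is the main check.
    argv += ["--", host]
    argv += list(remote_command)
    # Pass the list to subprocess without shell=True so nothing is re-parsed.
    return argv
```
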