-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-02-20 14:49:20 UTC
-
mfrom:
(1.2.1 upstream)
-
Revision ID:
james.westby@ubuntu.com-20060220144920-as039iixs6pqzzsx
Tags: 1:4.2p1-5ubuntu2
* SECURITY UPDATE: Shell code injection with crafted file names in scp.
* Ported upstream patch from 4.3p2 to replace system() call with a proper
exec() call; this avoids expanding shell metacharacters in local-to-local
or remote-to-remote copies.
* CVE-2006-0225