AVG-1089 log
| Package | bzr |
| Status | Unknown |
| Severity | High |
| Type | arbitrary code execution |
| Affected | 2.7.0-3 |
| Fixed | Unknown |
| Current | Removed |
| Ticket | FS#65227 |
| Created | Tue Jan 21 15:43:50 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-14176 | High | Yes | Arbitrary code execution | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in... |
| References |
|---|
https://bugs.launchpad.net/brz/+bug/1710979 https://bazaar.launchpad.net/~brz/brz/trunk/revision/6754 https://sources.debian.org/src/bzr/2.7.0+bzr6622-15/debian/patches/27_fix_sec_ssh/ |