AVG-1089 log
Package | bzr |
Status | Unknown |
Severity | High |
Type | arbitrary code execution |
Affected | 2.7.0-3 |
Fixed | Unknown |
Current | Removed |
Ticket | FS#65227 |
Created | Tue Jan 21 15:43:50 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-14176 | High | Yes | Arbitrary code execution | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in... |
References |
---|
https://bugs.launchpad.net/brz/+bug/1710979 https://bazaar.launchpad.net/~brz/brz/trunk/revision/6754 https://sources.debian.org/src/bzr/2.7.0+bzr6622-15/debian/patches/27_fix_sec_ssh/ |