
[SECURITY] [DLA 1236-1] plexus-utils security update



Package        : plexus-utils
Version        : 1:1.5.15-4+deb7u1
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in plexus-utils, a
collection of components used by Apache Maven, does not correctly
quote the contents of double-quoted strings. An attacker may use this
flaw to inject arbitrary shell commands.

For Debian 7 "Wheezy", this problem has been fixed in version
1:1.5.15-4+deb7u1.

We recommend that you upgrade your plexus-utils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
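An added illustration of the bug class described above, not code from plexus-utils or from the advisory: it contrasts wrapping an argument in double quotes without escaping against single-quote wrapping with embedded quotes rewritten, then checks what a child shell actually receives. The function names and the sample value are constructed for this example.

```shell
#!/bin/sh
# Generic POSIX-shell illustration; all names here are hypothetical.

# Weak: wrap the value in double quotes and escape nothing. Inside double
# quotes a POSIX shell still interprets $, backquote, backslash and ".
quote_weak() {
    printf '"%s"' "$1"
}

# Hardened: wrap in single quotes and rewrite each embedded ' as '\''.
# Nothing is interpreted inside single quotes. (Trailing newlines in the
# value are dropped by the command substitution used here.)
quote_strict() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build a command string around an already-quoted argument and hand it to
# a child shell, which prints the argument exactly as it received it.
through_shell() {
    sh -c "printf '%s' $1"
}

# Constructed sample value containing a harmless command substitution.
SAMPLE='build-$(echo INJECTED)'

weak_result()   { through_shell "$(quote_weak "$SAMPLE")"; }
strict_result() { through_shell "$(quote_strict "$SAMPLE")"; }

printf 'weak:   %s\n' "$(weak_result)"    # substitution was evaluated
printf 'strict: %s\n' "$(strict_result)"  # value arrived unchanged
```

Where the calling code allows it, passing arguments as a separate argument vector instead of a single shell string removes the need for quoting altogether.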

