Bazaar

  1. Bug #1710979
  2. Comment #10

Comment 10 for bug 1710979

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.6.0+bzr6593-1ubuntu1.6

---------------
bzr (2.6.0+bzr6593-1ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Possible arbitrary code execution on clients
    through malicious bzr+ssh URLs
    - debian/patches/24_ssh_hostnames-lp1710979: ensure that host
      arguments to ssh cannot be treated as ssh options.
    - LP: #1710979

 -- Steve Beattie <email address hidden> Mon, 28 Aug 2017 23:11:14 -0700