Security update for python-dulwich
This update for python-dulwich to version 0.18.5 fixes this security issue:
- CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote
attackers to execute arbitrary commands via an ssh URL with an initial dash
character in the hostname (bsc#1066430).
For detailed changes please see https://www.dulwich.io/code/dulwich/
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Robert Schweikert (rjschwei)
Fixed bugs
bnc#1066430
VUL-0: CVE-2017-16228: python-dulwich: Setting SSH arguments from untrusted URLs allows code execution
