Overview

File _patchinfo of Package patchinfo.7863

<patchinfo incident="7863">
  <issue tracker="bnc" id="1066430">VUL-0: CVE-2017-16228: python-dulwich: Setting SSH arguments from untrusted URLs allows code execution</issue>
  <issue tracker="cve" id="2017-16228"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>rjschwei</packager>
  <description>This update for python-dulwich to version 0.18.5 fixes this security issue:

- CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote
  attackers to execute arbitrary commands via an ssh URL with an initial dash
  character in the hostname (bsc#1066430).

For detailed changes please see https://www.dulwich.io/code/dulwich/
  </description>
  <summary>Security update for python-dulwich</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places