CVE-2007-6610

NameCVE-2007-6610
Descriptionunp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs448437

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
unp (PTS)buster2.0~pre7+nmu1fixed
bullseye2.0~pre9fixed
bookworm2.0~pre10fixed
sid, trixie2.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
unpsource(unstable)1.0.13low448437

Notes

[etch] - unp <no-dsa> (Only used as archiver in third-party software)
Search for package or bug name: Reporting problems