CVE-2017-14176

NameCVE-2017-14176
Descriptionbzr+ssh URLs don't strip SSH options
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
Debian Bugs874429

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bzr (PTS)wheezy2.6.0~bzr6526-1vulnerable
jessie2.6.0+bzr6595-6vulnerable
stretch2.7.0+bzr6619-7vulnerable
buster, sid2.7.0+bzr6622-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bzrsource(unstable)2.7.0+bzr6622-7874429

Notes

https://bugs.launchpad.net/bzr/+bug/1710979

Search for package or bug name: Reporting problems