Descriptionwebcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs840014

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mr (PTS)jessie1.16fixed
myrepos (PTS)jessie1.20141024vulnerable
bullseye, sid, buster1.20180726fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[stretch] - myrepos <no-dsa> (Minor issue)
[jessie] - myrepos <no-dsa> (Minor issue)
[wheezy] - mr <no-dsa> (Minor issue)
1.16 was made a source-based transitional package to myrepos not containg
in particular webcheckout anymore.;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8

Search for package or bug name: Reporting problems