[Secure-testing-team] Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection

Thorsten Glaser tg at mirbsd.de
Fri Aug 11 22:12:52 UTC 2017


Sébastien Delafond dixit:

>On Aug/11, Thorsten Glaser wrote:
>> For {,{,old}old}stable-security, this should suffice:
>> [...]
>
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master ?

Yes, although they’d look like the patch I showed plus changelog.

But let me take care of sid first please, I also implement hostname
checking to be on the safe side, since other VCSes do so, too.

bye,
//mirabilos
-- 
18:47⎜<mirabilos:#!/bin/mksh> well channels… you see, I see everything in the
same window anyway      18:48⎜<xpt:#!/bin/mksh> i know, you have some kind of
telnet with automatic pong         18:48⎜<mirabilos:#!/bin/mksh> haha, yes :D
18:49⎜<mirabilos:#!/bin/mksh> though that's more tinyirc – sirc is more comfy


