libdpkg: Escape package and architecture on control file parsing warning
The package and architecture names are injected into a variable that is used as a format string. Because these are user controlled, we need to format-escape them so that they become inert. Regression introduced in commmit 3be2cf60. Fixes: CVE-2014-8625 Closes: #768485 Reporteb-by: Joshua Rogers <megamansec@gmail.com>
parent
b89caa79
Please register or sign in to comment