Skip to content
Commit 446f11df authored by Guillem Jover's avatar Guillem Jover
Browse files

libdpkg: Escape package and architecture on control file parsing warning

The package and architecture names are injected into a variable that is
used as a format string. Because these are user controlled, we need to
format-escape them so that they become inert.

Regression introduced in commmit 3be2cf60.

Fixes: CVE-2014-8625
Closes: #768485


Reporteb-by: default avatarJoshua Rogers <megamansec@gmail.com>
parent b89caa79
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment