licensecheck: Separate filename from args in file call
This prevents the situation where $file happens to be a valid switch
for the file command (e.g. -C) which causes side-effects. If properly
setup, it's possible to cause file to traverse a symlink and overwrite a
file.
Closes: #794365, CVE-2015-5705
Signed-off-by: James McCoy <jamessan@debian.org>
parent
55a22e00
Please register or sign in to comment