Bazaar up to and including 2.7.0, when Subprocess SSH is used, allows remote malicious users to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 9.0 |
||
debian debian linux 8.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 17.04 |
||
canonical ubuntu linux 14.04 |
||
canonical bazaar |