Bug#611680: dtc-xen - Remote authenticated root exploit

2011-01-31 Thread Thomas Goirand
Hi Bastian,

First of all, I'm really surprised to see the way you are submitting this bug report. I normally send a "thank you for this bug report" as an introduction to each bug sent against my package, but not in this case. It seems that you believe there are root exploits here, and yet, you are s

Bug#611680: dtc-xen - Remote authenticated root exploit

2011-01-31 Thread Bastian Blank
Package: dtc-xen
Version: 0.5.13-3
Severity: grave
Tags: security

dtc-xen includes several command executions as root that use unchecked user input in dtc-soap-server.

| cmd = "/usr/sbin/dtc_kill_vps_disk %s %s" % (vpsname, imagetype)
| output = commands.getstatusoutput(cmd)

"imagetype" is the