Another nice find Bernd, but package names are restricted to include
only:
lower case letters (a-z), digits (0-9), plus (+) and minus (-) signs,
and periods (.). They must be at least two characters long and must
start with an alphanumeric character.
https://www.debian.org/doc/debian-policy/ch-
controlfields.html#s-f-Source
Therefore I'm thinking this is a simple programming mistake and not a
security bug.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1529857
Title:
Possible Shell Code injection when cleaning packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1529857/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
