Advisories » MGASA-2015-0393

Updated isodumper package fixes command injection

Publication date: 09 Oct 2015
Modification date: 09 Oct 2015
Type: security
Affected Mageia releases : 5

Description

The volume label text could be injected and executed as a shell command
in raw_format.py from isodumper.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16910
• https://github.com/linuxmint/mintstick/issues/42
• https://bugs.launchpad.net/linuxmint/+bug/1460775

SRPMS

5/core

• isodumper-0.43-1.mga5