osc before 0.151.0 allows remote attackers to execute arbitrary commands via
shell metacharacters in a _service file.
It has been some time since this Bug received an update. Since it is security related, bringing it up to the surface so it is not forgotten.
This is a B2 with no attention for a few months.
Ok, six months have gone by with not a peep from the suse herd. Please make a decision either to maintain / update the package; if not, please take steps in removing it from tree.
0.152.0 in the tree.
Arches please stabilise this and add also suse-build 2015.11.*.
x86 done, last arch!
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in
GLSA 201603-02 at https://security.gentoo.org/glsa/201603-02
by GLSA coordinator Kristian Fiskerstrand (K_F).