CVE-2015-0778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0778): osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
It has been some time since this Bug received an update. Since it is security related, bringing it up to the surface so it is not forgotten. This is a B2 with no attention for a few months. Any updates?
OK, six months have gone by with not a peep from the suse herd. Please make a decision either to maintain / update the package; if not, please take steps in removing it from tree.
0.152.0 in the tree. Arches please stabilise this and add also suse-build 2015.11.*.
amd64 stable
x86 done, last arch!
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in GLSA 201603-02 at https://security.gentoo.org/glsa/201603-02 by GLSA coordinator Kristian Fiskerstrand (K_F).