Debian 10261 Published by

A software-properties security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where an ansi escape sequence can be injection into software-properties.



ELA-266-1 software-properties security update

Package software-properties
Version 0.92.25debian1+deb8u1
Related CVEs CVE-2020-15709

Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA).

For Debian 8 jessie, these problems have been fixed in version 0.92.25debian1+deb8u1.

We recommend that you upgrade your software-properties packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-266-1 software-properties security update