An exuberant-ctags security update has been released for Debian GNU/Linux 9 Extended LTS to address a flaw that could result in arbitrary command execution.
ELA-761-1 exuberant-ctags security update
Package : exuberant-ctags
ELA-761-1 exuberant-ctags security update
Version : 1:5.9~svn20110310-11+deb9u1 (stretch)
Related CVEs :
CVE-2022-4515
A flaw was found in the way the exubertant-ctags source code parser handled the “-o” command-line option which specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file could have resulted in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
