Debian 10260 Published by

An exuberant-ctags security update has been released for Debian GNU/Linux 9 Extended LTS to address a flaw that could result in arbitrary command execution.



ELA-761-1 exuberant-ctags security update

Package : exuberant-ctags
Version : 1:5.9~svn20110310-11+deb9u1 (stretch)

Related CVEs :
CVE-2022-4515

A flaw was found in the way the exubertant-ctags source code parser handled the “-o” command-line option which specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file could have resulted in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.

  ELA-761-1 exuberant-ctags security update