Freedom Issue #3495: [acme.sh] acme.sh runs arbitrary commands from a remote server - Packages - Parabola Issue Tracker

Freedom Issue #3495

[acme.sh] acme.sh runs arbitrary commands from a remote server

koffeinfriedhof - 11 months ago - . Updated 11 months ago.

Status:

not-a-bug

Priority:

bug

Assignee:

% Done:

Description

Source:
[https://github.com/acmesh-official/acme.sh/issues/4659]

I don't use it, I just stumbled upon it while reading news. I also do not know if it is "only" a freedom issue or a bug. At least s.o. with knowledge has to check the github issue.

History

Updated by bill-auger 11 months ago

Status changed from unconfirmed to not-a-bug

the exploit was fixed in a upstream new release yesterday - arch upgraded to that new release yesterday - and parabola got it yesterday

so ... good catch - thanks for reporting it - in this case, the arch maintainer also saw it, and acted immediately

Also available in: Atom PDF

Parabola GNU/Linux-libre

Project

General

Profile

Packages

Issues

Custom queries