Freedom Issue #3495
[acme.sh] acme.sh runs arbitrary commands from a remote server
Status:
not-a-bug
Priority:
bug
Assignee:
-
% Done:
0%
Description
Source:
[https://github.com/acmesh-official/acme.sh/issues/4659]
I don't use it, I just stumbled upon it while reading news. I also do not know if it is "only" a freedom issue or a bug. At least s.o. with knowledge has to check the github issue.
History
Updated by bill-auger 11 months ago
- Status changed from unconfirmed to not-a-bug
the exploit was fixed in a upstream new release yesterday - arch upgraded to that new release yesterday - and parabola got it yesterday
so ... good catch - thanks for reporting it - in this case, the arch maintainer also saw it, and acted immediately