Branch: refs/heads/master Home: https://github.com/openSUSE/osc Commit: c9c0f8a7317678ca61cc50cdda9b24bb00e96e29 https://github.com/openSUSE/osc/commit/c9c0f8a7317678ca61cc50cdda9b24bb00e96... Author: Marcus Huewe <suse-tux@gmx.de> Date: 2017-09-28 (Thu, 28 Sep 2017) Changed paths: M osc/core.py Log Message: ----------- Fix potential shell injections Also, document a potential shell injection in core.unpack_srcrpm (via the "files" parameter), which cannot be exploited, because "files" is not used by the current osc code. Fixes: #340 ("osc add of directories does not quote the argument")