id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,port 55439,bzr: Backport fix for CVE-2017-14176,raimue,raimue,"Upstream issue: https://bugs.launchpad.net/bzr/+bug/1710979 {{{ Bazaar suffers from the same bug that affects Mercuril and Git: A hostname that starts with a - is passed on verbatim to the ssh command, which means that the host bit in the URL can be used to set arbitrary SSH options. E.g. bzr log ""bzr+ssh://-oProxyCommand=ls/path"" Presumably this only affects users that are using the Subprocess SSH vendor, and not those using the Paramiko SSH Vendor. }}}",defect,closed,Normal,,ports,,fixed,security,,bzr