id summary reporter owner description type status priority milestone component version resolution keywords cc port 55439 bzr: Backport fix for CVE-2017-14176 raimue raimue "Upstream issue: https://bugs.launchpad.net/bzr/+bug/1710979 {{{ Bazaar suffers from the same bug that affects Mercuril and Git: A hostname that starts with a - is passed on verbatim to the ssh command, which means that the host bit in the URL can be used to set arbitrary SSH options. E.g. bzr log ""bzr+ssh://-oProxyCommand=ls/path"" Presumably this only affects users that are using the Subprocess SSH vendor, and not those using the Paramiko SSH Vendor. }}}" defect closed Normal ports fixed security bzr