- Fix an indirect remote shell command injection via unsanitized
  dhcp strings and leaseinfo dump (bsc#1265221, CVE-2026-44932):
  - Fix to escape single-quotes in leaseinfo dump output used by the
    wicked test dhcp4 and wicked test dhcp6 and written to the
    /run/wicked/leaseinfo.* files, e.g. to pass them to netconfig.
    A netconfig modify filtered for strict key='value' lines without
    any escaped quotes and discarded these lines already before.
  - Fix posix-tz-dbname and tz-string option processing checks to
    permit only valid characters according to RFC4833.
  - Discard string values containing single-quotes in other options.
- Trigger to regenerate initrd that may contain wicked binaries on
  updates from wicked versions <= 0.6.78.
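
The single-quote handling described in the first fix, as an added example that is not code from wicked or netconfig: it writes key='value' lines with and without escaping, applies a strict line filter like the one the notes attribute to netconfig, and reads an escaped line back through the shell. All function names are hypothetical, the `'\''` escape form is an assumption about how the quotes are escaped, and the sample value is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not wicked's or netconfig's.

# Escape a value for use inside '...': each ' becomes '\'' (close the quote,
# emit an escaped quote, reopen). Assumed escape form, the usual POSIX idiom.
sq_escape() {
    printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

# Write one leaseinfo-style line with the value escaped.
emit_line() {
    printf "%s='%s'\n" "$1" "$(sq_escape "$2")"
}

# Write the line without escaping: the behaviour the fix replaces.
emit_line_raw() {
    printf "%s='%s'\n" "$1" "$2"
}

# Strict filter in the spirit of the netconfig check in the notes:
# accept only KEY='value' with no single quote anywhere in the value.
is_strict_line() {
    printf '%s\n' "$1" | grep -Eq "^[A-Za-z_][A-Za-z0-9_]*='[^']*'\$"
}

# Read an escaped line back the way a shell consumer would (in a subshell)
# and print the recovered value, to check that the round trip is lossless.
read_back() {
    ( eval "$(emit_line LEASE_VALUE "$1")"; printf '%s' "$LEASE_VALUE" )
}

# Constructed sample: a DHCP-supplied string that contains a single quote.
sample="tz'name"

emit_line_raw TZ_STRING "$sample"   # quote ends early: TZ_STRING='tz'name'
emit_line     TZ_STRING "$sample"   # one literal value: TZ_STRING='tz'\''name'

for line in "$(emit_line_raw TZ_STRING "$sample")" \
            "$(emit_line TZ_STRING "$sample")" \
            "$(emit_line TZ_STRING plain)"; do
    if is_strict_line "$line"; then
        printf 'strict filter keeps:    %s\n' "$line"
    else
        printf 'strict filter discards: %s\n' "$line"
    fi
done
```

The strict filter discards both quote-bearing lines, so a consumer that sources the files directly depends on the escaping alone.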