ELA-266-1 software-properties security update

ansi escape sequence injection

2020-08-22
Packagesoftware-properties
Version0.92.25debian1+deb8u1
Related CVEs CVE-2020-15709

Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA).

For Debian 8 jessie, these problems have been fixed in version 0.92.25debian1+deb8u1.

We recommend that you upgrade your software-properties packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/