#1012762 nuitka: CVE-2022-2054

Package:
src:nuitka
Source:
nuitka
Submitter:
Moritz Mühlenhoff
Date:
2022-07-01 15:36:15 UTC
Severity:
important
Tags:

#1012762#5
Date:
2022-06-13 16:11:24 UTC
From:
To:
Hi,

The following vulnerability was published for nuitka.

CVE-2022-2054[0]:
| Command Injection in GitHub repository nuitka/nuitka prior to 0.9.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/
https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad


For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2054

Please adjust the affected versions in the BTS as needed.

#1012762#12
Date:
2022-07-01 15:35:49 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
nuitka, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1012762@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kay Hayen <kay.hayen@gmail.com> (supplier of updated nuitka package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Thu, 23 Jun 2022 08:36:25 +0200
Source: nuitka
Binary: nuitka
Architecture: source all
Version: 0.9+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Kay Hayen <kay.hayen@gmail.com>
Changed-By: Kay Hayen <kay.hayen@gmail.com>
Description:
 nuitka     - Python compiler with full language support and CPython compatibil
Closes: 1006051 1012762
Changes:
 nuitka (0.9+ds-1) unstable; urgency=medium
 .
   * New upstream release.
 .
   * Python 3.10 is now compatible again. (Closes: #1006051)
 .
   * Solved CVE-2022-2054 (Closes: #1012762)