PublicDateAtUSN: 2020-08-03 14:41:00 UTC
Candidate: CVE-2020-15709
PublicDate: 2020-09-05 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15709
 https://www.openwall.com/lists/oss-security/2020/08/03/1
 https://ubuntu.com/security/notices/USN-4457-1
 https://ubuntu.com/security/notices/USN-4457-2
Description:
 Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10,
 and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive)
 description to the terminal as-is, which allowed PPA owners to provide ANSI
 terminal escapes to modify terminal contents in unexpected ways.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
Priority: medium
Discovered-by: Jason A. Donenfeld
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [5.5 MEDIUM]


Patches_software-properties:
upstream_software-properties: needs-triage
precise/esm_software-properties: DNE
trusty_software-properties: ignored (out of standard support)
trusty/esm_software-properties: released (0.92.37.8ubuntu0.1~esm1)
xenial_software-properties: released (0.96.20.10)
esm-infra/xenial_software-properties: released (0.96.20.10)
bionic_software-properties: released (0.96.24.32.14)
focal_software-properties: released (0.98.9.2)
devel_software-properties: released (0.99.3)