Debian Linux Security Advisory 1959-1 – It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users (via the web interface in versions 2.x) to execute arbitrary commands on a host acting as a cluster master.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/84140/dsa-1959-1.txt
Source: https://packetstormsecurity.com/files/84140/Debian-Linux-Security-Advisory-1959-1.html