Ubuntu Security Notice 847-1 – Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81884/USN-847-1.txt
Source: https://packetstormsecurity.com/files/81884/Ubuntu-Security-Notice-847-1.html