Debian Security Advisory 1891-1 – Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81521/dsa-1891-1.txt
Source: https://packetstormsecurity.com/files/81521/Debian-Linux-Security-Advisory-1891-1.html