Debian Linux Security Advisory 4052-1 - Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.
06de7ebfe4eb54489505eb26fdc2a04dce80457e49b28c9c2119d0190c1fdc38