Advisories for Pypi/Dulwich package

Remote attackers could execute arbitrary commands via an SSH URL with an initial dash character in the hostname.

Dulwich contains an overflow condition in the py_apply_delta() function in _pack.c. The issue is triggered as user-supplied input is not properly validated when handling pack files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.