Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA).
For Debian 8 jessie, these problems have been fixed in version 0.92.25debian1+deb8u1.
We recommend that you upgrade your software-properties packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.