Sep 02, 2009 - 8:38 p.m.

[Backports-security-announce] Security update for devscripts

2009-09-02 20:38:19
lists.debian.org
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.005 Low (Percentile: 74.6%)

Adam D. Barratt uploaded new packages for devscripts which fixed the
following security problem:

CVE-2009-2946:

When parsing watch files, uscan applied "mangle rules" by evaluating
them as Perl code without any sanitisation. This could have led to
the execution of arbitrary code by users or automated systems using
the watch file to check the availability of a new upstream release.

For the etch-backports distribution the problem has been fixed in
version 2.10.35lenny6~bpo40+1.

For the lenny-backports distribution the problem has been fixed in
version 2.10.54~bpo50+1.

For the stable distribution the problem has been fixed in version
2.10.35lenny6.

For the unstable distribution the problem has been fixed in version
2.10.54.

Upgrade instructions

If you don't use pinning
(http://backports.org/dokuwiki/doku.php?id=instructions) you have to
update the package manually via apt-get -t lenny-backports install
<packagename>.

We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

OS      Version  Architecture  Package     Version          Filename
Debian  5        all           devscripts  < 2.10.35lenny6  devscripts_2.10.35lenny6_all.deb
