CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
89.2%
Raphael Geissert uploaded new packages for lintian which fixed the
following security problems:
CVE-2009-4013: missing control files sanitation
Control field names and values were not sanitised before using them
in certain operations that could lead to directory traversals.
Patch systems' control files were not sanitised before using them
in certain operations that could lead to directory traversals.
CVE-2009-4014: format string vulnerabilities
Multiple check scripts and the Lintian::Schedule module were using
user-provided input as part of the sprintf/printf format string.
CVE-2009-4015: arbitrary command execution
File names were not properly escaped when passing them as arguments to
certain commands, allowing the execution of other commands as pipes or
as a set of shell commands.
For the lenny-backports distribution the problems have been fixed in
version 2.3.2~bpo50+1.
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install lintian".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | lintian | <ย 1.24.2.1+lenny1 | lintian_1.24.2.1+lenny1_all.deb |
Debian | 4 | all | lintian | <ย 1.23.28+etch1 | lintian_1.23.28+etch1_all.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
89.2%