Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with especially-crafted patch files (CVE-2014-3864, CVE-2014-3865).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | dpkg | < 1.16.15-1.1 | dpkg-1.16.15-1.1.mga3 |
Mageia | 4 | noarch | dpkg | < 1.17.10-1.1 | dpkg-1.17.10-1.1.mga4 |