SUSE CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

openSUSE Security Update : dpkg / update-alternatives (openSUSE-2015-421)

dpkg and update-alternatives were updated to 1.16.16 to fix one security issue and severan non-security bugs. The following vulnerabilities were fixed : - CVE-2015-0840: Specially crafted deb packages could have been used to bypass source package integrity verification in local installs boo926749...

Fedora 21 : dpkg-1.16.16-5.fc21 (2015-7296)

Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable h...

Fedora 22 : dpkg-1.16.16-5.fc22 (2015-6974)

Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch Revert location of dpkg/parsechangelog . Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840 Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840 Note that Tenable Network...

Updated dpkg packages fix CVE-2015-0840

Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...

DEBIAN-CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc...

CVE-2015-0840

CVE-2015-0840 affects dpkg before 1.16.16 and 1.17.x before 1.17.25. The issue: the dpkg-source command can bypass the signature check for Debian source control files (.dsc) by crafting the file, enabling bypass of source package integrity verification in local installs. Impact stated in sources:...

[SECURITY] [DSA 3217-1] dpkg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...

Debian DSA-3217-1 : dpkg - security update

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file .dsc. Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the...

[SECURITY] [DSA 3217-1] dpkg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3217-1] dpkg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...