15 matches found
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
Debian DSA-1878-1 : devscripts - missing input sanitation
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue b...
Debian devscripts软件包uscan远程代码执行漏洞
BUGTRAQ ID: 36227 CVECAN ID: CVE-2009-2946 Debian是一个流行的Linux发行版本。 uscan是Debian的devscripts软件包中所提供的程序,用于检测是否有新的源码版本可用。uscan运行了从不可信任来源下载的Perl代码实现URL与版本的重整功能,如果源码的发布服务器使用了恶意的路径名就会导致注入并执行任意Perl代码。 Debian devscripts 2.9.26 Debian devscripts 2.9.25 Debian devscripts 2.10.35 厂商补丁: Debian ------...
Debian: Security Advisory (DSA-1878-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
[SECURITY] [DSA 1878-2] New devscripts packages fix regressions
------------------------------------------------------------------------ Debian Security Advisory DSA-1878-2 [email protected] http://www.debian.org/security/ Florian Weimer September 11, 2009 http://www.debian.org/security/faq -...
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
CVE-2009-2946
CVE-2009-2946 references an eval injection in devscripts' uscan.pl prior to revision 1984, enabling remote Perl code execution via crafted pathnames on distribution servers. Connected advisories (Debian DSA-1878-1/DSA-1878-2, Ubuntu USN-847-1/2, Red Hat RH CVE entry, OpenVAS/Nessus synopses) conf...
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have lead to the execution of arbitrary code by users or...
[SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1878-1 [email protected] http://www.debian.org/security/ Florian Weimer September 02, 2009 http://www.debian.org/security/faq -...