4 matches found
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
CVE-2017-8283 concerns dpkg-source in dpkg 1.3.0 through 1.18.23, which can invoke a non-GNU patch program and lacks protection for blank-indented diff hunks. This enables remote attackers to perform directory traversal via a crafted Debian source package, demonstrated by using dpkg-source on Net...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...