EUVD-2015-5651

Malware in sbrugna...

EUVD-2013-6849

Malware in sbrugna...

EUVD-2012-2233

Malware in sbrugna...

EUVD-2012-2235

Malware in sbrugna...

CVE-2025-8454

CVE-2025-8454 affects the uscan component of devscripts. The vulnerability arises because uscan skips OpenPGP verification when the upstream source has already been downloaded in a prior run, even if verification had failed previously. This behavior is described across multiple sources (e.g., Red...

SUSE CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball...

USN-3704-1 devscripts vulnerability

It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code...

CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...

CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...

CVE-2014-1833

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink...

CVE-2013-7050

The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...

CVE-2012-2242

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted 1 .dsc or 2 .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240...

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary 1 standard output or 2 standard error output file...

CVE-2012-2242

CVE-2012-2242 affects devscripts' dget.pl prior to version 2.10.73, where crafted .dsc/.changes files can trigger remote commands due to insufficient escaping of arguments to external commands. The issue allows remote code execution and is separate from CVE-2012-2240. A fix is needed by upgrading...

Debian devscripts 'uscan' Input Validation Vulnerability

Binary data 5175.prm...

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...