236 matches found
Debian Security Advisory DSA 2836-1 (devscripts - arbitrary code execution)
Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privilege...
DSA-2836-1 devscripts - arbitrary code execution
Bulletin has no description...
Fedora 20 : devscripts-2.13.9-1.fc20 (2013-23975)
Update to 2.13.9, see http://ftp-master.metadata.debian.org/changelogs//main/d /devscripts/devscripts2.13.9changelog for details - Fix CVE-2013-7085 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted...
Debian: Security Advisory (DSA-2836-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: devscripts-2.13.9-1.fc20
Scripts to make the life of a Debian Package maintainer easier...
Fedora 20 : devscripts-2.13.5-2.fc20 (2013-23192)
Fix code execution flaw in uscan, CVE request: http://www.openwall.com/lists/oss-security/2013/12/11/4 Update to release 2.13.5, see http://ftp-master.metadata.debian.org/changelogs//main/d/devscripts/de vscripts2.13.5changelog for details. Note that Tenable Network Security has extracted the...
Debian devscripts 'uscan'远程命令执行漏洞
Bugtraq ID:64241 CVE ID:CVE-2013-7050 Debian是一个流行的Linux发行版本。uscan是Debian的devscripts软件包中所提供的程序,用于检测是否有新的源码版本可用。 Debian devscripts 'uscan' debian/copyright-driven重打包存在安全漏洞,允许远程攻击者利用漏洞执行任意代码。 0 Debian devscripts 厂商补丁: Debian ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Debian devscripts 'uscan'文件名处理任意文件删除漏洞
Bugtraq ID:64258 Debian是一个流行的Linux发行版本。uscan是Debian的devscripts软件包中所提供的程序,用于检测是否有新的源码版本可用。 在启用USCANEXCLUSION的情况下,Debian devscripts 'uscan'不正确处理包含空格的文件名,允许攻击者利用漏洞提交恶意文件名删除任意文件。 0 Debian devscripts 2.13.5 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://packages.debian.org/devscripts...
CVE-2013-7085
Uscan in devscripts 2.13.5, when USCANEXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename...
CVE-2013-7085
Uscan in devscripts 2.13.5, when USCANEXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename...
CVE-2013-7085
Uscan in devscripts 2.13.5, when USCANEXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename...
CVE-2013-7085
Uscan in devscripts 2.13.5, when USCANEXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename...
CVE-2013-7085
Uscan in devscripts 2.13.5, when USCANEXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename...
CVE-2013-7085
CVE-2013-7085 affects devscripts 2.13.5 (Uscan); when USCAN_EXCLUSION is enabled, remote attackers can delete arbitrary files via a whitespace character in a filename. Evidenced in Fedora/SUSE advisories calling for updates to devscripts (e.g., 2.13.9) to fix the issue. Remediation in provided do...
DEBIAN-CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...
CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...
CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...
CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...
CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...
CVE-2013-7050
The getmainsourcedir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCANEXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name...