Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : devscripts vulnerabilities (USN-1366-1)
Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. CVE-2012-0210 Raphael Geissert discovered that debdiff...
Debian DSA-2409-1 : devscripts - several vulnerabilities
Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2012-0210 : Paul Wise discovered that due to...
[SECURITY] [DSA 2409-1] devscripts security update
Debian Security Advisory DSA-2409-1 [email protected] http://www.debian.org/security/ Raphael Geissert February 15, 2012 http://www.debian.org/security/faq -...
CVE-2012-0210
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file...
DSA-2409-1 devscripts - several
Bulletin has no description...
CVE-2012-0212
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument...
CVE-2012-0211
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original .orig source tarball of a source package...
Debian DSA-1878-1 : devscripts - missing input sanitation
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue b...
Ubuntu 6.06 LTS : devscripts vulnerability (USN-847-2)
USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a...
USN-847-2: devscripts vulnerability
USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Original advisory details: Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted...
Ubuntu 8.04 LTS / 8.10 / 9.04 : devscripts vulnerability (USN-847-1)
Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note tha...
USN-847-1: Devscripts vulnerability
Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program...
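Debian devscripts package uscan remote code execution vulnerability
BUGTRAQ ID: 36227 CVE(CAN) ID: CVE-2009-2946 Debian is a popular Linux distribution. uscan is a program provided in Debian's devscripts package, used to check whether a new source code version is available. uscan runs Perl code downloaded from untrusted sources to implement its URL and version mangling functionality; if the source's release server uses a malicious path name, arbitrary Perl code can be injected and executed. Debian devscripts 2.9.26 Debian devscripts 2.9.25 Debian devscripts 2.10.35 Vendor patch: Debian ------...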
Debian Security Advisory DSA 1878-2 (devscripts)
The remote host is missing an update to devscripts announced via advisory DSA 1878-2. OpenVAS Vulnerability Test $Id: deb18782.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1878-2 devscripts Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Debian devscripts 'uscan' Input Validation Vulnerability
Binary data 5175.prm...
Debian: Security Advisory (DSA-1878-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have led to the execution of arbitrary code by users or...
[Backports-security-announce] Security update for devscripts
Adam D. Barratt uploaded new packages for devscripts which fixed the following security problem: CVE-2009-2946: When parsing watch files, uscan applied "mangle rules" by evaluating them as Perl code without any sanitisation. This could have led to the execution of arbitrary code by users or...
[SECURITY] [DSA 1878-2] New devscripts packages fix regressions
Debian Security Advisory DSA-1878-2 [email protected] http://www.debian.org/security/ Florian Weimer September 11, 2009 http://www.debian.org/security/faq -...
DSA-1878-2 devscripts - regression fix
Bulletin has no description...