13 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
CVE-2025-8454
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even...
CVE-2025-8454
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
CVE-2018-0023
JSNAPy is an open source Python version of Junos Snapshot Administrator developed by Juniper, available through GitHub. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
[SECURITY] Fedora 22 Update: devscripts-2.15.8-1.fc22
Scripts to make the life of a Debian Package maintainer easier...
[SECURITY] Fedora 20 Update: devscripts-2.14.10-1.fc20
Scripts to make the life of a Debian Package maintainer easier...
[SECURITY] Fedora 20 Update: devscripts-2.13.9-1.fc20
Scripts to make the life of a Debian Package maintainer easier...
DSA-2549-1 devscripts - multiple
Bulletin has no description...
Input validation
DISPUTED lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
[SECURITY] [DSA 150-1] New interchange packages fix illegal file exposition
Debian Security Advisory DSA 150-1 [email protected] http://www.debian.org/security/ Martin Schulze August 13th, 2002 Package : interchange...