2 matches found
CVE-2014-3865
CVE-2014-3865 describes a directory-traversal vulnerability in dpkg-source (part of dpkg-dev 1.3.0) that lets remote attackers modify files outside intended directories via a crafted Index: pseudo-header (with missing ---/+++ headers or a +++ header with a blank pathname). Connected advisories in...
CVE-2014-3864
CVE-2014-3864 affects dpkg-source in dpkg-dev 1.3.0, enabling a directory-traversal where a crafted source package without a header line can modify files outside the intended directories. Connected advisories indicate the vulnerability is addressed in updated dpkg packages (e.g., Fedora updates f...