6 matches found
CVE-2004-1000
The CVE-2004-1000 entry concerns the lintian Debian package checker. Affected software: lintian, versions up to 1.23 and earlier. Root cause: lintian removes the working directory even if it wasn’t created by lintian, enabling a symlink attack that could delete an unrelated or arbitrary file or d...
CVE-2009-4014
CVE-2009-4014 affects Lintian: multiple format-string vulnerabilities in check scripts and the Lintian::Schedule module across Lintian 1.23.x (through 1.23.28), 1.24.x (through 1.24.2.1), and 2.x before 2.3.2. The Debian advisory and related NASL/OpenVAS entries confirm this class of issue. Impac...
CVE-2009-4013
Multiple directory traversal vulnerabilities affect lintian across 1.23.x (up to 1.23.28), 1.24.x (up to 1.24.2.1), and 2.x before 2.3.2. The root cause involves unsanitized control field names/values and control files of patch systems, enabling remote attackers to overwrite arbitrary files or di...
CVE-2013-1429
Summary of CVE-2013-1429 : The vulnerability affects Lintian prior to 2.5.12, wherein crafted symlinks can allow an attacker to gather information about the host system. This is a local issue (per CVSSv3: LOCAL) with a base score of 6.3 and a partial confidentiality impact (per CVSSv2: 4.3; per C...
CVE-2009-4015
Lintian (versions 1.23.x–1.23.28, 1.24.x–1.24.2.1, and 2.x before 2.3.2) is affected by an input handling vulnerability where filename arguments can include unsafely shell metacharacters. This allows remote attackers to execute arbitrary commands. The issue stems from improper escaping of command...
CVE-2017-8829
CVE-2017-8829 is a deserialization vulnerability in lintian up to version 2.5.50.3. A remote attacker could trigger code execution by having a user or automated system run lintian on a package with a crafted YAML file. The issue is documented across multiple sources (Debian/CNVD, Ubuntu USN-3310-...