4 matches found
CVE-2009-2946
CVE-2009-2946 references an eval injection in devscripts' uscan.pl prior to revision 1984, enabling remote Perl code execution via crafted pathnames on distribution servers. Connected advisories (Debian DSA-1878-1/DSA-1878-2, Ubuntu USN-847-1/2, Red Hat RH CVE entry, OpenVAS/Nessus synopses) conf...
CVE-2012-0212
CVE-2012-0212 affects devscripts; the debdiff.pl component in versions before 2.10.69 and 2.11.x before 2.11.4 allows remote code execution via shell metacharacters in the file name argument. This vulnerability is reflected in multiple advisories (Ubuntu USN-1593-1, Debian security trackers, and ...
CVE-2012-0210
CVE-2012-0210 affects devscripts’ debdiff component. Affected: devscripts package (Debian) with vulnerable debdiff in 2.10.x before 2.10.69 and 2.11.x before 2.11.4. Root cause: insufficient input sanitisation when processing .dsc and .changes files, enabling remote code execution and information...
CVE-2012-0211
CVE-2012-0211 concerns debdiff.pl, part of devscripts, with vulnerable versions 2.10.x before 2.10.69 and 2.11.x before 2.11.4. The issue allows remote code execution via a specially crafted tarball filename in the top-level directory of the original .orig source tarball. The Debian security advi...