7 matches found
CVE-2012-0212
CVE-2012-0212 affects devscripts; the debdiff.pl component in versions before 2.10.69 and 2.11.x before 2.11.4 allows remote code execution via shell metacharacters in the file name argument. This vulnerability is reflected in multiple advisories (Ubuntu USN-1593-1, Debian security trackers, and ...
CVE-2012-2242
CVE-2012-2242 affects devscripts' dget.pl prior to version 2.10.73, where crafted .dsc/.changes files can cause commands to be executed because arguments passed to external commands are insufficiently escaped. The issue allows remote code execution and is separate from CVE-2012-2240. A fix is needed by upgrading...
CVE-2012-3500
CVE-2012-3500 is a local reliability issue in the annotate-output mechanism: scripts/annotate-output.sh in devscripts < 2.12.2 (used by rpmdevtools
CVE-2012-2241
CVE-2012-2241 affects devscripts prior to version 2.12.3. The vulnerability allows a remote attacker to delete arbitrary files by supplying crafted .dsc or .changes files, with a likely NULL-byte filename issue cited in the description. Exploitation context is remote, with impact described as del...
CVE-2012-2240
CVE-2012-2240 affects devscripts, specifically the dscverify.pl component. The vulnerability occurs in scripts/dscverify.pl in devscripts before version 2.12.3, where remote attackers could execute arbitrary commands via unspecified vectors related to arguments to external commands. Multiple conn...
CVE-2012-0211
CVE-2012-0211 concerns debdiff.pl, part of devscripts, with vulnerable versions 2.10.x before 2.10.69 and 2.11.x before 2.11.4. The issue allows remote code execution via a specially crafted tarball filename in the top-level directory of the original .orig source tarball. The Debian security advi...
CVE-2012-0210
CVE-2012-0210 affects devscripts’ debdiff component. Affected: devscripts package (Debian) with vulnerable debdiff in 2.10.x before 2.10.69 and 2.11.x before 2.11.4. Root cause: insufficient input sanitisation when processing .dsc and .changes files, enabling remote code execution and information...