2 matches found
CVE-2013-7085
CVE-2013-7085 affects devscripts 2.13.5 (Uscan); when USCAN_EXCLUSION is enabled, remote attackers can delete arbitrary files via a whitespace character in a filename. Evidenced in Fedora/SUSE advisories calling for updates to devscripts (e.g., 2.13.9) to fix the issue. Remediation in provided do...
CVE-2013-7050
The CVE-2013-7050 issue affects devscripts' uscan: the get_main_source_dir function in scripts/uscan.pl (before version 2.13.8) can be exploited to execute arbitrary commands via shell metacharacters in a directory name when USCAN_EXCLUSION is used. This is a remote code execution risk. Affected ...