2 matches found
CVE-2013-6888
CVE-2013-6888 affects devscripts’ uscan component. Before version 2.13.9, uscan could execute arbitrary code via a crafted tarball downloaded from a malicious source. Debian/Ubuntu advisories note remote code execution with the vulnerable uscan and specify fixes: Debian wheezy updated to 2.12.6+d...
CVE-2014-1833
CVE-2014-1833 is a directory traversal vulnerability in the uupdate tool of devscripts. A crafted .orig.tar file could allow a remote attacker to modify arbitrary files via symlink abuse. Multiple connected advisories confirm the issue and reference fixes in affected packages (e.g., SUSE, Ubuntu,...