devscripts: multiple vulnerabilities

Package(s): devscripts
CVE #(s): CVE-2012-0210 CVE-2012-0211 CVE-2012-0212
Created: February 15, 2012
Updated: February 15, 2012
Description: From the Debian advisory:

CVE-2012-0210: Paul Wise discovered that due to insufficient input sanitising when processing .dsc and .changes files, it is possible to execute arbitrary code and disclose system information.

CVE-2012-0211: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when processing source packages with specially-named tarballs in the top-level directory of the .orig tarball, allowing arbitrary code execution.

CVE-2012-0212: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when passing as argument to debdiff a specially-named file, allowing arbitrary code execution.

Alerts:
Debian DSA-2409-1 2012-02-15
Ubuntu USN-1366-1 2012-02-15
Ubuntu USN-1593-1 2012-10-02

Copyright © 2013, Eklektix, Inc.