oss-sec mailing list archives

[notification] CVE-2013-6888: uscan: remote code execution
From: Raphael Geissert <geissert () debian org>
Date: Mon, 6 Jan 2014 11:57:06 +0100


Given the recent issues in uscan (part of devscripts) I took a look at
it and found a few other issues.
The bugs fixed by the following commit basically allow remote code
execution when uscan is used to download upstream's tarball. With and
without repacking (contrary to the commit message).


This was assigned CVE-2013-6888.

Two other changes were made that IMO should be considered as hardening:

At least I'm not aware of a way to exploit them.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
