ALT-PU-2018-1905-1
Package devscripts updated to version 2.18.3-alt1_1 for branch sisyphus in task 208523.
Closed vulnerabilities
BDU:2015-02662
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2017-02344
Уязвимость пакета сценариев devscripts (scripts/licensecheck.pl) для операционной системы Fedora, позволяющая нарушителю выполнить произвольные shell-команды
Modified: 2024-11-21
CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
- [oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution
- [oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution
- 56192
- 56192
- 56579
- 56579
- DSA-2836
- DSA-2836
- 64656
- 64656
- USN-2084-1
- USN-2084-1
- debian-cve20136888-code-execution(90107)
- debian-cve20136888-code-execution(90107)
Modified: 2024-11-21
CVE-2013-7050
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
- 100855
- 100855
- [oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw
- [oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw
- [oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw
- [oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw
- 64241
- 64241
- https://bugzilla.redhat.com/show_bug.cgi?id=1040266
- https://bugzilla.redhat.com/show_bug.cgi?id=1040266
- devscripts-cve20137050-command-execution(89666)
- devscripts-cve20137050-command-execution(89666)
Modified: 2024-11-21
CVE-2013-7325
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
- http://www.openwall.com/lists/oss-security/2014/02/12/14
- http://www.openwall.com/lists/oss-security/2014/02/12/14
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325
- https://security-tracker.debian.org/tracker/CVE-2013-7325
- https://security-tracker.debian.org/tracker/CVE-2013-7325
Modified: 2024-11-21
CVE-2015-5704
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
- FEDORA-2015-12699
- FEDORA-2015-12699
- FEDORA-2015-12716
- FEDORA-2015-12716
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- 76143
- 76143
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249635
- https://bugzilla.redhat.com/show_bug.cgi?id=1249635
Modified: 2024-11-21
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
- FEDORA-2015-12699
- FEDORA-2015-12699
- FEDORA-2015-12716
- FEDORA-2015-12716
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249645
- https://bugzilla.redhat.com/show_bug.cgi?id=1249645