Package dpkg updated to version 1.19.0.5-alt1 for branch p8 in task 221218.

Published: 2017-04-26
Modified: 2024-11-21

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

http://www.openwall.com/lists/oss-security/2017/04/20/2
http://www.openwall.com/lists/oss-security/2017/04/20/2
98064
98064

содержит start-stop-daemon

Version: 2.1.0

Package dpkg update in p8 on 2019-02-12

ALT-PU-2019-1224-1

Closed vulnerabilities

CVE-2017-8283

Closed bugs

Bug #32238