Lucene search
GoogleOSV:DSA-2836-1HistoryJan 05, 2014 - 12:00 a.m.
devscripts - arbitrary code execution
2014-01-0500:00:00
Google
osv.dev
11
EPSS
0.105
Percentile
95.0%
Several vulnerabilities have been discovered in uscan, a tool to scan
upstream sites for new releases of packages, which is part of the
devscripts package. An attacker controlling a website from which uscan
would attempt to download a source tarball could execute arbitrary code
with the privileges of the user running uscan.
The Common Vulnerabilities and Exposures project id CVE-2013-6888 has
been assigned to identify them.
For the stable distribution (wheezy), these problems have been fixed in
version 2.12.6+deb7u2.
For the testing distribution (jessie) and the unstable distribution
(sid), these problems have been fixed in version 2.13.9.
We recommend that you upgrade your devscripts packages.
References
Related
cvelist
cvelist
CVE-2013-6888
2014-01-07 17:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : devscripts vulnerability (USN-2084-1)
2014-01-22 00:00:00
Debian DSA-2836-1 : devscripts - arbitrary code execution
2014-01-06 00:00:00
nvd
nvd
CVE-2013-6888
2014-01-07 17:04:52
ubuntu
ubuntu
devscripts vulnerability
2014-01-21 00:00:00
openvas
openvas
Ubuntu Update for devscripts USN-2084-1
2014-01-27 00:00:00
Ubuntu: Security Advisory (USN-2084-1)
2014-01-27 00:00:00
Debian: Security Advisory (DSA-2836-1)
2014-01-04 00:00:00
debiancve
debiancve
CVE-2013-6888
2014-01-07 17:04:52
ubuntucve
ubuntucve
CVE-2013-6888
2014-01-07 00:00:00
securityvulns
securityvulns
devscripts uscan code execition
2014-01-08 00:00:00
[SECURITY] [DSA 2836-1] devscripts security update
2014-01-08 00:00:00
debian
debian
[SECURITY] [DSA 2836-1] devscripts security update
2014-01-05 18:05:17
prion
prion
Code injection
2014-01-07 17:04:00
cve
cve
CVE-2013-6888
2014-01-07 17:04:52