Several vulnerabilities have been discovered in uscan, a tool to scan
upstream sites for new releases of packages, which is part of the
devscripts package. An attacker controlling a website from which uscan
would attempt to download a source tarball could execute arbitrary code
with the privileges of the user running uscan.
The Common Vulnerabilities and Exposures project id CVE-2013-6888 has
been assigned to identify them.
For the stable distribution (wheezy), these problems have been fixed in
version 2.12.6+deb7u2.
For the testing distribution (jessie) and the unstable distribution
(sid), these problems have been fixed in version 2.13.9.
We recommend that you upgrade your devscripts packages.