Ubuntu USN-1366-1
Feb 15, 2012 - 12:00 a.m.

devscripts vulnerabilities

2012-02-15 00:00:00
ubuntu.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AI Score: 6.9 (Confidence: Low)

EPSS: 0.06 (Percentile: 93.5%)

Releases

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • devscripts - Scripts to make the life of a Debian Package maintainer easier

Details

Paul Wise discovered that debdiff did not properly sanitize its input when
processing .dsc and .changes files. If debdiff processed a crafted file, an
attacker could execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0210)

Raphael Geissert discovered that debdiff did not properly sanitize its input
when processing source packages. If debdiff processed an original source
tarball, with crafted filenames in the top-level directory, an attacker could
execute arbitrary code with the privileges of the user invoking the program.
(CVE-2012-0211)

Raphael Geissert discovered that debdiff did not properly sanitize its input
when processing filename parameters. If debdiff processed a crafted filename
parameter, an attacker could execute arbitrary code with the privileges of the
user invoking the program. (CVE-2012-0212)

OS      OS Version  Architecture  Package     Package Version           Filename
Ubuntu  8.04        noarch        devscripts  < 2.10.11ubuntu5.8.04.5   UNKNOWN
Ubuntu  11.10       noarch        devscripts  < 2.11.1ubuntu3.1         UNKNOWN
Ubuntu  11.04       noarch        devscripts  < 2.10.69ubuntu2.1        UNKNOWN
Ubuntu  10.10       noarch        devscripts  < 2.10.67ubuntu1.1        UNKNOWN
Ubuntu  10.04       noarch        devscripts  < 2.10.61ubuntu5.1        UNKNOWN
