Ubuntu Security Notice 847-2 - USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.
a0c0a418e5ffcdc58b1be1ff537ea8f50f3ede9d95754dd6f137056600238dadUbuntu Security Notice 847-1 - Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.
7ed4a6c1e2cddbb5b85f7a815082364b1f7f0a2316a0eeb7cd11fb4de4b7caf4Debian Security Advisory 1878-2 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update corrects regressions introduced by the devscripts security update, DSA-1878-1.
3b1b40fb5fbd7b62d4ca8cadc1b1d71d6cbbcffcc47448316d4bc800398bd578Debian Security Advisory 1878-1 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.
0e5b49376f380b031a0382734cc1ecfa180e9025483df749a9270e25194e7209
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed