Ubuntu Security Notice 2084-1 - It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.
e92ab9f2fc27450cbdfc097304af025ca1ef510e02d2e35503392f21c8a3522a
Debian Linux Security Advisory 2836-1 - Several vulnerabilities have been discovered in uscan, a tool to scan upstream sits for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privileges of the user running uscan.
9aaed02c195fa5da2eda198cf92b3b6cf32d152b63cc952a2810fd9a75314865