CVE-2012-2241
Published: 15 September 2012
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
Priority
Status
Package | Release | Status |
---|---|---|
devscripts Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.10.61ubuntu5.3)
|
|
natty |
Released
(2.10.69ubuntu2.2)
|
|
oneiric |
Released
(2.11.1ubuntu3.2)
|
|
precise |
Released
(2.11.6ubuntu1.4)
|
|
upstream |
Released
(2.12.3)
|
|
Patches: vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=79d27778321f7bb778097cfb7a724ae976fb4fbd (2.10) vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=0fd15bdec07b085f9ef438dacd18e159ac60b810 (trunk) |