CVE-2013-1429
https://notcve.org/view.php?id=CVE-2013-1429
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. Lintian versiones anteriores a 2.5.12, permite a atacantes remotos recabar información sobre el sistema "host" utilizando enlaces simbólicos diseñados. • https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636 https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html https://security-tracker.debian.org/tracker/CVE-2013-1429 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2017-8829
https://notcve.org/view.php?id=CVE-2017-8829
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. Una vulnerabilidad de deserialización en lintian hasta 2.5.50.3 permite a un atacante realizar una ejecución de código solicitando un paquete de fuentes con un archivo YAML manipulado. • https://bugs.debian.org/861958 • CWE-502: Deserialization of Untrusted Data •
CVE-2004-1000
https://notcve.org/view.php?id=CVE-2004-1000
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. • http://secunia.com/advisories/13771 http://www.debian.org/security/2004/dsa-630 https://exchange.xforce.ibmcloud.com/vulnerabilities/18808 •