CVE-2012-0211
https://notcve.org/view.php?id=CVE-2012-0211
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de un nombre de archivo tarball modificado en el directorio de mayor nivel de un tarball fuente original (.orig) de un paquete fuente. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79320 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-20: Improper Input Validation •
CVE-2012-0210
https://notcve.org/view.php?id=CVE-2012-0210
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos obtener información del sistema y ejecutar código arbitrario a través de un nombre de fichero en un archivo (1) .dsc o (2) .changes. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79319 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities/73215 • CWE-20: Improper Input Validation •
CVE-2012-0212
https://notcve.org/view.php?id=CVE-2012-0212
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de meta-caracteres de shell en el argumento de nombre de fichero. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79322 http://www.securityfocus.com/bid/52029 http://www.ubuntu.com/usn/USN-1593-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/73217 • CWE-20: Improper Input Validation •
CVE-2009-2946
https://notcve.org/view.php?id=CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. Vulnerabilidad de inyección "Eval" en scripts/uscan.pl anterior a Rev 1984 en devscripts permite a atacantes remotos ejecutar código Perl de su elección a través de nombres de rutas manipulados en servidores de distribución de código fuente utilizado en paquetes Debian GNU/Linux. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209 http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1 http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0 http://www.debian.org/security/2009/dsa-1878 •