CVE-2022-1664 – directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
26 May 2022 — Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. La función Dpkg::Source::Archive en dpkg, el sistema de administración de paquetes de Debian, versiones anteriores a 1.... • https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

26 Apr 2017 — dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. Dpkg-source en dpkg en las versiones comprendidas entre la 1.3.0 y la 1.18.23 es capaz de usar un programa de parches non-GNU que no ofrece un mecanismo de protección para diff hunks identadas en blanco,... • http://www.openwall.com/lists/oss-security/2017/04/20/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2015-0860 – Ubuntu Security Notice USN-2820-1
27 Nov 2015 — Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. Error por un paso en la función extracthalf en dpkg-deb/extract.c en el componente dpkg-deb en Debian dpkg 1.16.x en versiones anteriores a 1.16.17 y 1.17.x en versiones anteriores a... • http://www.debian.org/security/2015/dsa-3407 • CWE-189: Numeric Errors •

CVE-2015-0840 – Ubuntu Security Notice USN-2566-1
09 Apr 2015 — The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). El comando dpkg-source en Debian dpkg anterior a 1.16.16 y 1.17.x anterior a 1.17.25 permite a atacantes remotos evadir verificación de firmas a través de un fichero de control de fuentes de Debian (.dsc) manipulado. Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a spec... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html • CWE-284: Improper Access Control •

20 Jan 2015 — Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. Múltiples vulnerabilidades de cadenas de formatos en la función parse_error_msg en parsehelp.c en dpkg anterior a 1.17.22 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrari... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html • CWE-134: Use of Externally-Controlled Format String •