| Field | Value |
|---|---|
| Summary | <app-arch/dpkg-1.17.10: multiple vulnerabilities (CVE-2014-{3864,3865}) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Jeroen Roovers (RETIRED) <jer> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| Priority | Normal |
| CC | deb-tools+disabled |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| See Also | http://bugs.debian.org/746498 http://bugs.debian.org/749183 |
| Whiteboard | C3 [noglsa] |
| Package list | |
| Runtime testing required | --- |

Description
Jeroen Roovers (RETIRED)
2014-06-07 13:00:04 UTC
Arch teams, please test and mark stable:
=app-arch/dpkg-1.17.10
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

CVE-2014-3865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3865): Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.

CVE-2014-3864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3864): Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.

amd64 stable

alpha stable

arm stable

ia64 stable

ppc64 stable

ppc stable

sparc stable

x86 stable.

Maintainer(s), please cleanup. Security, please vote.

Maintainer(s), Thank you for cleanup!

Noglsa - All current dpkg bugs are not serious enough for glsa.