| Summary: | <app-arch/dpkg-1.17.22: format string vulnerability (CVE-2014-8625) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | deb-tools+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | http://bugs.debian.org/768485 https://launchpad.net/bugs/1389135 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Jeroen Roovers (RETIRED)
2014-11-28 10:15:09 UTC
Arch teams, please test and mark stable:
=app-arch/dpkg-1.17.22
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

x86 stable

Stable for HPPA.

sparc stable

alpha stable

arm stable

ppc stable

ppc64 stable

ia64 stable.

Maintainer(s), please cleanup.

Maintainer(s), Thank you for cleanup.

GLSA Vote: No

CVE-2014-8625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8625): Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

GLSA Vote: No
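
The bug class named in the CVE description above, shown as an added example (not dpkg source and not part of the original report): an error reporter that pastes a name into the string it later uses as a format, beside a form that only ever passes the name as an argument. The function names, message text and the sample name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical two-stage error reporter (not dpkg source). */

/* Vulnerable shape: the name is pasted into the buffer that then serves as
 * the format, so specifiers inside it are interpreted. Benign input only. */
static int report_unsafe(char *out, size_t n, const char *pkg,
                         const char *fmt, ...)
{
    char combined[256];
    va_list ap;
    int r;
    snprintf(combined, sizeof combined, "parsing package '%s': %s", pkg, fmt);
    va_start(ap, fmt);
    r = vsnprintf(out, n, combined, ap);   /* name is part of the format */
    va_end(ap);
    return r;
}

/* Hardened shape: the name is only an argument to a literal format and the
 * caller's format is expanded separately. The attribute (GCC/Clang) makes
 * the compiler check each caller's format against its arguments. */
__attribute__((format(printf, 4, 5)))
static int report_safe(char *out, size_t n, const char *pkg,
                       const char *fmt, ...)
{
    va_list ap;
    int used, r;
    used = snprintf(out, n, "parsing package '%s': ", pkg);  /* name is data */
    if (used < 0 || (size_t)used >= n)
        return -1;                         /* prefix alone did not fit */
    va_start(ap, fmt);
    r = vsnprintf(out + used, n - (size_t)used, fmt, ap);
    va_end(ap);
    return r < 0 ? -1 : used + r;
}

/* Constructed sample: a package name carrying conversion specifiers. */
static const char HOSTILE_NAME[] = "lib%s%x";

int main(void)
{
    char buf[128];
    report_unsafe(buf, sizeof buf, "zlib", "missing %s field", "Version");
    puts(buf);
    report_safe(buf, sizeof buf, HOSTILE_NAME, "missing %s field", "Version");
    puts(buf);                   /* specifiers in the name stay literal */
    return 0;
}
```

Building with `-Wformat=2` (GCC/Clang) additionally flags the non-literal format passed to `vsnprintf` in the first function.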