Summary: | <app-arch/dpkg-1.17.25: OpenPGP Armor Header Line parsing in Dpkg::Control::Hash (CVE-2015-0840) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | deb-tools+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://packages.qa.debian.org/d/dpkg/news/20150410T033509Z.html | ||
Whiteboard: | C3 [noglsa/cve] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2015-04-10 04:46:35 UTC
Arch teams, please test and mark stable:
=app-arch/dpkg-1.17.25
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

C3 for now until more information is available as to the vulnerability.

amd64 stable

ia64 stable

x86 stable

sparc stable

CVE-2015-0840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0840): The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

ppc stable

Stable for PPC64.

alpha stable

arm stable.

Maintainer(s), please cleanup.
Security, please vote.

Arches and Maintainer(s), Thank you for your work.
GLSA Vote: No

NO too, closing.