dpkg-source: Directory traversal on unpack through missing --- header line
https://security-tracker.debian.org/tracker/CVE-2014-3864
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498

dpkg-source: Directory traversal on unpack through Index: pseudo-header
https://security-tracker.debian.org/tracker/CVE-2014-3865
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183
Arch teams, please test and mark stable:
=app-arch/dpkg-1.17.10
Targeted stable KEYWORDS: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
CVE-2014-3865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3865):
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.

CVE-2014-3864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3864):
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
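The header shapes named in the two CVE descriptions above, as an added example that is not part of this bug report and is not dpkg's own fix: a Python lint that can be run over the patches of a source package before unpacking it. The function names, finding labels, the sample patch and the extra path check are assumptions of this example.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def check_headers(hdr):
    """Findings for one file's headers (keys: index, old, new)."""
    out = []
    if "old" not in hdr and "new" not in hdr:
        out.append("index-only" if "index" in hdr else "no-header")
    elif "old" not in hdr or "new" not in hdr:
        out.append("missing ---" if "old" not in hdr else "missing +++")
    if hdr.get("new") == "":
        out.append("blank +++ path")
    # Added check, not from the CVE text: absolute paths and '..' components.
    if any(p != "/dev/null" and (p.startswith("/") or ".." in p.split("/"))
           for p in hdr.values()):
        out.append("path escapes tree")
    return out

def audit_patch(text):
    """Return (line_no, finding) pairs, reported at each file's first hunk."""
    findings, hdr, checked = [], {}, False
    left_old = left_new = 0                 # hunk body lines still expected
    for no, line in enumerate(text.splitlines(), 1):
        if left_old > 0 or left_new > 0:    # inside a hunk body: only count
            if not line.startswith("\\"):
                left_old -= line[:1] != "+"
                left_new -= line[:1] != "-"
            continue
        m = HUNK.match(line)
        if m:
            left_old, left_new = int(m.group(1) or 1), int(m.group(2) or 1)
            if not checked:
                checked = True
                findings += [(no, f) for f in check_headers(hdr)]
            continue
        for key, prefix in (("index", "Index: "), ("old", "--- "), ("new", "+++")):
            if line.startswith(prefix):
                if checked:                 # headers of the next file begin
                    hdr, checked = {}, False
                # pathname without the tab-separated timestamp
                hdr[key] = line[len(prefix):].split("\t")[0].strip()
                break
    return findings

# Constructed sample: a hunk located only by an Index: pseudo-header.
SAMPLE = "Index: src/a.c\n@@ -0,0 +1 @@\n+x\n"
if __name__ == "__main__":
    print(audit_patch(SAMPLE))
```

Hunk bodies are skipped by line count, so a removed line that itself begins with `-- ` is not mistaken for a `---` header.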
amd64 stable
alpha stable
arm stable
ia64 stable
ppc64 stable
ppc stable
sparc stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Maintainer(s), Thank you for cleanup! Noglsa - All current dpkg bugs are not serious enough for glsa.