Search criteria
12 vulnerabilities found for lintian by debian
CVE-2013-1429 (GCVE-0-2013-1429)
Vulnerability from nvd – Published: 2019-11-07 21:42 – Updated: 2024-08-06 15:04
VLAI
Summary
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
Severity
No CVSS data available.
CWE
- Symbolic Link Following
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_MISC |
| https://www.mail-archive.com/debian-bugs-dist%40l… | x_refsource_MISC |
| https://bugs.launchpad.net/ubuntu/+source/lintian… | x_refsource_MISC |
Date Public
2013-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:48.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lintian",
"vendor": "lintian",
"versions": [
{
"status": "affected",
"version": "2.5.12"
}
]
}
],
"datePublic": "2013-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted symlinks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Symbolic Link Following",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T21:42:08.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lintian",
"version": {
"version_data": [
{
"version_value": "2.5.12"
}
]
}
}
]
},
"vendor_name": "lintian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted symlinks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1429",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2013-1429",
"datePublished": "2019-11-07T21:42:08.000Z",
"dateReserved": "2013-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:04:48.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8829 (GCVE-0-2017-8829)
Vulnerability from nvd – Published: 2017-05-08 06:10 – Updated: 2024-08-05 16:48
VLAI
Summary
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.debian.org/861958 | x_refsource_CONFIRM |
Date Public
2017-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/861958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-08T06:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/861958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/861958",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/861958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8829",
"datePublished": "2017-05-08T06:10:00.000Z",
"dateReserved": "2017-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:48:22.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4015 (GCVE-0-2009-4015)
Vulnerability from nvd – Published: 2010-02-02 16:25 – Updated: 2024-09-17 00:01
VLAI
Summary
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4015",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:59.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4014 (GCVE-0-2009-4014)
Vulnerability from nvd – Published: 2010-02-02 16:25 – Updated: 2024-09-17 04:15
VLAI
Summary
Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4014",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:15:07.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4013 (GCVE-0-2009-4013)
Vulnerability from nvd – Published: 2010-02-02 16:25 – Updated: 2024-09-16 17:24
VLAI
Summary
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4013",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:24:02.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1000 (GCVE-0-2004-1000)
Vulnerability from nvd – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:39
VLAI
Summary
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13771 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2004/dsa-630 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lintian-symlink(18808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lintian-symlink(18808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lintian-symlink(18808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1000",
"datePublished": "2005-01-19T05:00:00.000Z",
"dateReserved": "2004-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:39:00.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1429 (GCVE-0-2013-1429)
Vulnerability from cvelistv5 – Published: 2019-11-07 21:42 – Updated: 2024-08-06 15:04
VLAI
Summary
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
Severity
No CVSS data available.
CWE
- Symbolic Link Following
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_MISC |
| https://www.mail-archive.com/debian-bugs-dist%40l… | x_refsource_MISC |
| https://bugs.launchpad.net/ubuntu/+source/lintian… | x_refsource_MISC |
Date Public
2013-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:48.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lintian",
"vendor": "lintian",
"versions": [
{
"status": "affected",
"version": "2.5.12"
}
]
}
],
"datePublic": "2013-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted symlinks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Symbolic Link Following",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T21:42:08.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lintian",
"version": {
"version_data": [
{
"version_value": "2.5.12"
}
]
}
}
]
},
"vendor_name": "lintian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted symlinks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1429",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2013-1429",
"datePublished": "2019-11-07T21:42:08.000Z",
"dateReserved": "2013-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:04:48.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8829 (GCVE-0-2017-8829)
Vulnerability from cvelistv5 – Published: 2017-05-08 06:10 – Updated: 2024-08-05 16:48
VLAI
Summary
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.debian.org/861958 | x_refsource_CONFIRM |
Date Public
2017-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/861958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-08T06:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/861958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/861958",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/861958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8829",
"datePublished": "2017-05-08T06:10:00.000Z",
"dateReserved": "2017-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:48:22.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4014 (GCVE-0-2009-4014)
Vulnerability from cvelistv5 – Published: 2010-02-02 16:25 – Updated: 2024-09-17 04:15
VLAI
Summary
Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4014",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:15:07.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4013 (GCVE-0-2009-4013)
Vulnerability from cvelistv5 – Published: 2010-02-02 16:25 – Updated: 2024-09-16 17:24
VLAI
Summary
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4013",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:24:02.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4015 (GCVE-0-2009-4015)
Vulnerability from cvelistv5 – Published: 2010-02-02 16:25 – Updated: 2024-09-17 00:01
VLAI
Summary
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38379 | third-party-advisoryx_refsource_SECUNIA |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://packages.qa.debian.org/l/lintian/news/2010… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/38375 | third-party-advisoryx_refsource_SECUNIA |
| http://packages.debian.org/changelogs/pool/main/l… | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-1979 | vendor-advisoryx_refsource_DEBIAN |
| http://git.debian.org/?p=lintian/lintian.git%3Ba=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37975 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-891-1 | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-02T16:25:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38379"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
"refsource": "MLIST",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"name": "38375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38375"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4015",
"datePublished": "2010-02-02T16:25:00.000Z",
"dateReserved": "2009-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:59.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1000 (GCVE-0-2004-1000)
Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:39
VLAI
Summary
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13771 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2004/dsa-630 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lintian-symlink(18808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lintian-symlink(18808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lintian-symlink(18808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1000",
"datePublished": "2005-01-19T05:00:00.000Z",
"dateReserved": "2004-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:39:00.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}