CVE-2013-6888

Priority
Medium
Description
Uscan in devscripts before 2.13.9 allows remote attackers to execute
arbitrary code via a crafted tarball.
References
Assigned-to
mdeslaur
Package
Upstream:released (2.13.9)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.10.61ubuntu5.6)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.11.6ubuntu1.6)
Ubuntu 12.10 (Quantal Quetzal):released (2.12.4ubuntu0.1)
Ubuntu 13.04 (Raring Ringtail):released (2.13.1ubuntu0.1)
Ubuntu 13.10 (Saucy Salamander):released (2.13.4ubuntu0.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2.13.9)
Patches:
Upstream:http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commit;h=02c6850d973e3e1246fde72edab27f03d63acc52
Upstream:http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commit;h=4b7e58ee6000cdefac0682601cec6ecce0137467
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-21 15:14:34 UTC (commit 7666)