PublicDateAtUSN: 2017-05-08
Candidate: CVE-2017-8829
PublicDate: 2017-05-08 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8829
 https://ubuntu.com/security/notices/USN-3310-1
Description:
 Deserialization vulnerability in lintian through 2.5.50.3 allows attackers
 to trigger code execution by requesting a review of a source package with a
 crafted YAML file.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/861958
Priority: medium
Discovered-by: Jakub Wilk
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_lintian:
 upstream: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0a2f38ecbc70d34a4b77c93a030555b310bd34ff
upstream_lintian: released (2.5.50.4)
precise_lintian: not-affected (upstream metadata file not checked)
precise/esm_lintian: not-affected (upstream metadata file not checked)
trusty_lintian: not-affected (upstream metadata file not checked)
trusty/esm_lintian: not-affected (upstream metadata file not checked)
vivid/stable-phone-overlay_lintian: DNE
vivid/ubuntu-core_lintian: DNE
xenial_lintian: released (2.5.43ubuntu0.1)
esm-infra/xenial_lintian: released (2.5.43ubuntu0.1)
yakkety_lintian: released (2.5.48ubuntu0.1)
zesty_lintian: released (2.5.50.1ubuntu0.1)
devel_lintian: released (2.5.50.4)