CVE-2017-8829

Priority
Medium
Description
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers
to trigger code execution by requesting a review of a source package with a
crafted YAML file.
References
Bugs
Package
Upstream:released (2.5.50.4)
Ubuntu 17.10 (Artful Aardvark):released (2.5.50.4)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (upstream metedata file not checked)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (upstream metadata file not checked)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.5.43ubuntu0.1)
Ubuntu 17.04 (Zesty Zapus):released (2.5.50.1ubuntu0.1)
Patches:
Upstream:https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0a2f38ecbc70d34a4b77c93a030555b310bd34ff
More Information

Updated: 2017-08-11 23:56:01 UTC (commit 13081)