CVE-2009-2946
Published: 4 September 2009
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
Notes
Author | Note |
---|---|
mdeslaur | watch for regression fixed in dsa-1878-2: http://thread.gmane.org/gmane.comp.security.bugtraq/41022 |
jdstrand | lenny7 should have all fixes |
Priority
Status
Package | Release | Status |
---|---|---|
devscripts Launchpad, Ubuntu, Debian |
upstream |
Released
(2.10.55)
|
dapper |
Released
(2.9.10-0ubuntu0.1)
|
|
hardy |
Released
(2.10.11ubuntu5.8.04.4)
|
|
intrepid |
Released
(2.10.26ubuntu15.2)
|
|
jaunty |
Released
(2.10.39ubuntu7.1)
|
|
Patches: vendor: http://www.debian.org/security/2009/dsa-1878 |