Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Devscripts
(Devscripts_devel_team)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-12-13 | CVE-2013-7050 | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. | Devscripts | N/A | ||
| 2014-01-07 | CVE-2013-6888 | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | Devscripts | N/A | ||
| 2012-10-01 | CVE-2012-3500 | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | Devscripts | N/A | ||
| 2017-09-06 | CVE-2015-5705 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | Devscripts, Fedora | 7.5 | ||
| 2017-09-25 | CVE-2015-5704 | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | Devscripts, Fedora | 7.8 | ||
| 2014-02-05 | CVE-2014-1833 | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | Devscripts | N/A | ||
| 2013-12-14 | CVE-2013-7085 | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | Devscripts | N/A | ||
| 2012-09-30 | CVE-2012-2242 | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | Devscripts | N/A | ||
| 2012-09-30 | CVE-2012-2240 | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | Devscripts | N/A | ||
| 2009-09-04 | CVE-2009-2946 | Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. | Devscripts | N/A |