MidnightBSD

Advisories for devscripts_devel_team

CVE-2012-0210 HIGH

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.10.1
devscripts_devel_team devscripts 2.10.63
devscripts_devel_team devscripts 2.10.19
devscripts_devel_team devscripts 2.10.31
devscripts_devel_team devscripts 2.10.3
devscripts_devel_team devscripts 2.10.24
devscripts_devel_team devscripts 2.10.34
devscripts_devel_team devscripts 2.11.2
devscripts_devel_team devscripts 2.11.0
devscripts_devel_team devscripts 2.10.45
devscripts_devel_team devscripts 2.10.44
devscripts_devel_team devscripts 2.10.20
devscripts_devel_team devscripts 2.10.6
devscripts_devel_team devscripts 2.10.36
devscripts_devel_team devscripts 2.10.10
devscripts_devel_team devscripts 2.10.54
devscripts_devel_team devscripts 2.10.53
devscripts_devel_team devscripts 2.10.17
devscripts_devel_team devscripts 2.10.41
devscripts_devel_team devscripts 2.10.47
devscripts_devel_team devscripts 2.10.56
devscripts_devel_team devscripts 2.10.43
devscripts_devel_team devscripts 2.10.15
devscripts_devel_team devscripts 2.10.38
devscripts_devel_team devscripts 2.10.18.1
devscripts_devel_team devscripts 2.10.28
devscripts_devel_team devscripts 2.10.7
devscripts_devel_team devscripts 2.10.35
devscripts_devel_team devscripts 2.10.26
devscripts_devel_team devscripts 2.10.30
devscripts_devel_team devscripts 2.10.27
devscripts_devel_team devscripts 2.10.0
devscripts_devel_team devscripts 2.10.62
devscripts_devel_team devscripts 2.10.52
devscripts_devel_team devscripts 2.10.39
devscripts_devel_team devscripts 2.10.48
devscripts_devel_team devscripts 2.10.64
devscripts_devel_team devscripts 2.10.12
devscripts_devel_team devscripts 2.10.58
devscripts_devel_team devscripts 2.10.13
devscripts_devel_team devscripts 2.10.50
devscripts_devel_team devscripts 2.11.1
devscripts_devel_team devscripts 2.10.51
devscripts_devel_team devscripts 2.10.57
devscripts_devel_team devscripts 2.10.68
devscripts_devel_team devscripts 2.10.66
devscripts_devel_team devscripts 2.10.29
devscripts_devel_team devscripts 2.10.49
devscripts_devel_team devscripts 2.10.55
devscripts_devel_team devscripts 2.10.11
devscripts_devel_team devscripts 2.10.16
devscripts_devel_team devscripts 2.10.23
devscripts_devel_team devscripts 2.11.3
devscripts_devel_team devscripts 2.10.46
devscripts_devel_team devscripts 2.10.25
devscripts_devel_team devscripts 2.10.33
devscripts_devel_team devscripts 2.10.18
devscripts_devel_team devscripts 2.10.59
devscripts_devel_team devscripts 2.10.42
devscripts_devel_team devscripts 2.10.22
devscripts_devel_team devscripts 2.10.60
devscripts_devel_team devscripts 2.10.61
devscripts_devel_team devscripts 2.10.9
devscripts_devel_team devscripts 2.10.21
devscripts_devel_team devscripts 2.10.14
devscripts_devel_team devscripts 2.10.8
devscripts_devel_team devscripts 2.10.67
devscripts_devel_team devscripts 2.10.40
devscripts_devel_team devscripts 2.10.32
devscripts_devel_team devscripts 2.10.65.1
CVE-2012-0211 HIGH

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.10.1
devscripts_devel_team devscripts 2.10.63
devscripts_devel_team devscripts 2.10.19
devscripts_devel_team devscripts 2.10.31
devscripts_devel_team devscripts 2.10.3
devscripts_devel_team devscripts 2.10.24
devscripts_devel_team devscripts 2.10.34
devscripts_devel_team devscripts 2.11.2
devscripts_devel_team devscripts 2.11.0
devscripts_devel_team devscripts 2.10.45
devscripts_devel_team devscripts 2.10.44
devscripts_devel_team devscripts 2.10.20
devscripts_devel_team devscripts 2.10.6
devscripts_devel_team devscripts 2.10.36
devscripts_devel_team devscripts 2.10.10
devscripts_devel_team devscripts 2.10.54
devscripts_devel_team devscripts 2.10.53
devscripts_devel_team devscripts 2.10.17
devscripts_devel_team devscripts 2.10.41
devscripts_devel_team devscripts 2.10.47
devscripts_devel_team devscripts 2.10.56
devscripts_devel_team devscripts 2.10.43
devscripts_devel_team devscripts 2.10.15
devscripts_devel_team devscripts 2.10.38
devscripts_devel_team devscripts 2.10.18.1
devscripts_devel_team devscripts 2.10.28
devscripts_devel_team devscripts 2.10.7
devscripts_devel_team devscripts 2.10.35
devscripts_devel_team devscripts 2.10.26
devscripts_devel_team devscripts 2.10.30
devscripts_devel_team devscripts 2.10.27
devscripts_devel_team devscripts 2.10.0
devscripts_devel_team devscripts 2.10.62
devscripts_devel_team devscripts 2.10.52
devscripts_devel_team devscripts 2.10.39
devscripts_devel_team devscripts 2.10.48
devscripts_devel_team devscripts 2.10.64
devscripts_devel_team devscripts 2.10.12
devscripts_devel_team devscripts 2.10.58
devscripts_devel_team devscripts 2.10.13
devscripts_devel_team devscripts 2.10.50
devscripts_devel_team devscripts 2.11.1
devscripts_devel_team devscripts 2.10.51
devscripts_devel_team devscripts 2.10.57
devscripts_devel_team devscripts 2.10.68
devscripts_devel_team devscripts 2.10.66
devscripts_devel_team devscripts 2.10.29
devscripts_devel_team devscripts 2.10.49
devscripts_devel_team devscripts 2.10.55
devscripts_devel_team devscripts 2.10.11
devscripts_devel_team devscripts 2.10.16
devscripts_devel_team devscripts 2.10.23
devscripts_devel_team devscripts 2.11.3
devscripts_devel_team devscripts 2.10.46
devscripts_devel_team devscripts 2.10.25
devscripts_devel_team devscripts 2.10.33
devscripts_devel_team devscripts 2.10.18
devscripts_devel_team devscripts 2.10.59
devscripts_devel_team devscripts 2.10.42
devscripts_devel_team devscripts 2.10.22
devscripts_devel_team devscripts 2.10.60
devscripts_devel_team devscripts 2.10.61
devscripts_devel_team devscripts 2.10.9
devscripts_devel_team devscripts 2.10.21
devscripts_devel_team devscripts 2.10.14
devscripts_devel_team devscripts 2.10.8
devscripts_devel_team devscripts 2.10.67
devscripts_devel_team devscripts 2.10.40
devscripts_devel_team devscripts 2.10.32
devscripts_devel_team devscripts 2.10.65.1
CVE-2012-0212 HIGH

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.10.1
devscripts_devel_team devscripts 2.10.63
devscripts_devel_team devscripts 2.10.19
devscripts_devel_team devscripts 2.10.31
devscripts_devel_team devscripts 2.10.3
devscripts_devel_team devscripts 2.10.24
devscripts_devel_team devscripts 2.10.34
devscripts_devel_team devscripts 2.11.2
devscripts_devel_team devscripts 2.11.0
devscripts_devel_team devscripts 2.10.45
devscripts_devel_team devscripts 2.10.44
devscripts_devel_team devscripts 2.10.20
devscripts_devel_team devscripts 2.10.6
devscripts_devel_team devscripts 2.10.36
devscripts_devel_team devscripts 2.10.10
devscripts_devel_team devscripts 2.10.54
devscripts_devel_team devscripts 2.10.53
devscripts_devel_team devscripts 2.10.17
devscripts_devel_team devscripts 2.10.41
devscripts_devel_team devscripts 2.10.47
devscripts_devel_team devscripts 2.10.56
devscripts_devel_team devscripts 2.10.43
devscripts_devel_team devscripts 2.10.15
devscripts_devel_team devscripts 2.10.38
devscripts_devel_team devscripts 2.10.18.1
devscripts_devel_team devscripts 2.10.28
devscripts_devel_team devscripts 2.10.7
devscripts_devel_team devscripts 2.10.35
devscripts_devel_team devscripts 2.10.26
devscripts_devel_team devscripts 2.10.30
devscripts_devel_team devscripts 2.10.27
devscripts_devel_team devscripts 2.10.0
devscripts_devel_team devscripts 2.10.62
devscripts_devel_team devscripts 2.10.52
devscripts_devel_team devscripts 2.10.39
devscripts_devel_team devscripts 2.10.48
devscripts_devel_team devscripts 2.10.64
devscripts_devel_team devscripts 2.10.12
devscripts_devel_team devscripts 2.10.58
devscripts_devel_team devscripts 2.10.13
devscripts_devel_team devscripts 2.10.50
devscripts_devel_team devscripts 2.11.1
devscripts_devel_team devscripts 2.10.51
devscripts_devel_team devscripts 2.10.57
devscripts_devel_team devscripts 2.10.68
devscripts_devel_team devscripts 2.10.66
devscripts_devel_team devscripts 2.10.29
devscripts_devel_team devscripts 2.10.49
devscripts_devel_team devscripts 2.10.55
devscripts_devel_team devscripts 2.10.11
devscripts_devel_team devscripts 2.10.16
devscripts_devel_team devscripts 2.10.23
devscripts_devel_team devscripts 2.11.3
devscripts_devel_team devscripts 2.10.46
devscripts_devel_team devscripts 2.10.25
devscripts_devel_team devscripts 2.10.33
devscripts_devel_team devscripts 2.10.18
devscripts_devel_team devscripts 2.10.59
devscripts_devel_team devscripts 2.10.42
devscripts_devel_team devscripts 2.10.22
devscripts_devel_team devscripts 2.10.60
devscripts_devel_team devscripts 2.10.61
devscripts_devel_team devscripts 2.10.9
devscripts_devel_team devscripts 2.10.21
devscripts_devel_team devscripts 2.10.14
devscripts_devel_team devscripts 2.10.8
devscripts_devel_team devscripts 2.10.67
devscripts_devel_team devscripts 2.10.40
devscripts_devel_team devscripts 2.10.32
devscripts_devel_team devscripts 2.10.65.1
CVE-2012-2241 MEDIUM

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.10.1
devscripts_devel_team devscripts 2.10.63
devscripts_devel_team devscripts 2.10.19
devscripts_devel_team devscripts 2.10.31
devscripts_devel_team devscripts 2.10.3
devscripts_devel_team devscripts 2.10.24
devscripts_devel_team devscripts 2.10.34
devscripts_devel_team devscripts 2.11.2
devscripts_devel_team devscripts 2.11.8
devscripts_devel_team devscripts 2.11.5
devscripts_devel_team devscripts 2.11.0
devscripts_devel_team devscripts 2.10.45
devscripts_devel_team devscripts 2.10.44
devscripts_devel_team devscripts 2.10.20
devscripts_devel_team devscripts 2.10.6
devscripts_devel_team devscripts 2.10.36
devscripts_devel_team devscripts 2.10.10
devscripts_devel_team devscripts 2.8.14
devscripts_devel_team devscripts 2.10.54
devscripts_devel_team devscripts 2.9.25
devscripts_devel_team devscripts 2.12.0
devscripts_devel_team devscripts 2.10.53
devscripts_devel_team devscripts 2.10.17
devscripts_devel_team devscripts 2.10.41
devscripts_devel_team devscripts 2.10.47
devscripts_devel_team devscripts 2.9.23
devscripts_devel_team devscripts 2.10.56
devscripts_devel_team devscripts 2.10.43
devscripts_devel_team devscripts 2.12.1
devscripts_devel_team devscripts 2.10.15
devscripts_devel_team devscripts 2.11.6
devscripts_devel_team devscripts 2.10.38
devscripts_devel_team devscripts 2.10.18.1
devscripts_devel_team devscripts 2.10.28
devscripts_devel_team devscripts 2.10.7
devscripts_devel_team devscripts 2.10.35
devscripts_devel_team devscripts 2.9.22
devscripts_devel_team devscripts 2.10.26
devscripts_devel_team devscripts 2.10.30
devscripts_devel_team devscripts 2.10.27
devscripts_devel_team devscripts 2.10.0
devscripts_devel_team devscripts 2.10.62
devscripts_devel_team devscripts 2.9.26
devscripts_devel_team devscripts 2.10.52
devscripts_devel_team devscripts 2.10.39
devscripts_devel_team devscripts 2.10.48
devscripts_devel_team devscripts 2.10.64
devscripts_devel_team devscripts 2.10.12
devscripts_devel_team devscripts 2.10.58
devscripts_devel_team devscripts 2.10.13
devscripts_devel_team devscripts 2.10.50
devscripts_devel_team devscripts 2.11.1
devscripts_devel_team devscripts 2.11.4
devscripts_devel_team devscripts 2.10.51
devscripts_devel_team devscripts 2.10.57
devscripts_devel_team devscripts 2.10.68
devscripts_devel_team devscripts 2.10.66
devscripts_devel_team devscripts 2.9.21
devscripts_devel_team devscripts 2.10.29
devscripts_devel_team devscripts 2.10.49
devscripts_devel_team devscripts 2.10.55
devscripts_devel_team devscripts 2.10.11
devscripts_devel_team devscripts 2.10.16
devscripts_devel_team devscripts 2.10.23
devscripts_devel_team devscripts 2.11.3
devscripts_devel_team devscripts 2.10.46
devscripts_devel_team devscripts 2.10.25
devscripts_devel_team devscripts 2.10.33
devscripts_devel_team devscripts 2.9.24
devscripts_devel_team devscripts *
devscripts_devel_team devscripts 2.10.18
devscripts_devel_team devscripts 2.10.59
devscripts_devel_team devscripts 2.10.42
devscripts_devel_team devscripts 2.10.22
devscripts_devel_team devscripts 2.10.60
devscripts_devel_team devscripts 2.10.61
devscripts_devel_team devscripts 2.10.9
devscripts_devel_team devscripts 2.11.7
devscripts_devel_team devscripts 2.11.9
devscripts_devel_team devscripts 2.10.21
devscripts_devel_team devscripts 2.7.0
devscripts_devel_team devscripts 2.10.14
devscripts_devel_team devscripts 2.10.8
devscripts_devel_team devscripts 2.10.67
devscripts_devel_team devscripts 2.10.40
devscripts_devel_team devscripts 2.9.27
devscripts_devel_team devscripts 2.10.32
devscripts_devel_team devscripts 2.10.65.1
CVE-2012-3500 LOW

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.12.0
devscripts_devel_team devscripts *
CVE-2013-6888 HIGH

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.13.5
devscripts_devel_team devscripts 2.13.2
devscripts_devel_team devscripts 2.13.3
devscripts_devel_team devscripts 2.13.7
devscripts_devel_team devscripts *
devscripts_devel_team devscripts 2.13.6
devscripts_devel_team devscripts 2.13.0
devscripts_devel_team devscripts 2.13.4
devscripts_devel_team devscripts 2.13.1
CVE-2013-7050 MEDIUM

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.13.5
devscripts_devel_team devscripts 2.13.2
devscripts_devel_team devscripts 2.13.3
devscripts_devel_team devscripts *
devscripts_devel_team devscripts 2.13.6
devscripts_devel_team devscripts 2.13.0
devscripts_devel_team devscripts 2.13.4
devscripts_devel_team devscripts 2.13.1
CVE-2013-7085 MEDIUM

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.13.5
CVE-2014-1833 MEDIUM

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts 2.14.1
CVE-2015-5704 HIGH

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts *
fedoraproject fedora 22
fedoraproject fedora 21
CVE-2015-5705 MEDIUM

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
devscripts_devel_team devscripts *
fedoraproject fedora 22
fedoraproject fedora 21