DSA-2836-1 devscripts -- arbitrary code execution
ID: oval:org.secpod.oval:def:601185 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privileges of the user running uscan. The Common Vulnerabilities and Exposures project ID CVE-2013-6888 has been assigned to identify them.