USN-847-2 -- devscripts vulnerabilityID: oval:org.secpod.oval:def:700470 | Date: (C)2011-05-13 (M)2021-07-09 |
Class: PATCH | Family: unix |
USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Original advisory details: Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.