dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-26T05:28:00

Updated: 2024-08-05T16:34:21.674Z

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8283

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-04-26T05:59:00.213

Modified: 2024-11-21T03:33:41.723

Link: CVE-2017-8283

cve-icon Redhat

No data.