lintian: CVE-2013-1429 - path traversal/information disclosure
Bug #1169636 reported by
Niels Thykier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Lintian |
Fix Released
|
Unknown
|
|||
lintian (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
An "unimportant" security vulnerabilities have been found in Lintian.
In short, using crafted packages an attacker could have Lintian leak
information about the "host" system provided the raw log is available.
Fixes available in 2.5.10.5 and 2.5.12.
(Reference: http://
CVE References
information type: | Private Security → Public Security |
Changed in lintian: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Attached is a tarball containing a set of patches for fixing this in 2.5.6.
For Lintian 2.5.10.X, the patches can be pulled from upstream's git repository via:
git show 2.5.10.4..2.5.10.5
For Lintian 2.5.11: f83a16c9bff0e0f a10525c46e. .751dee4653e596 0ca03f3164c15bb 849a85fc976
git show a5680cc4f7ca733
For Lintian 2.4.3: cc0088acb194ea7 754b23a553. .ddd524862684bb bc3b6c045b400dd 7e5767c5935
git show 8a6f1682051c39e
~Niels