Ubuntu Security Notice 847-2: devscripts vulnerability

24
Article Source Ubuntu Security Notices
October 9, 2009, 7:32 am

This update provides the corresponding updates for Ubuntu 6.06 LTS.

Original advisory details: Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program…

Read More