Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-1429

Source

Debian Bug report logs - #705553
lintian: CVE-2013-1429 - path traversal/information disclosure

Package: lintian; Maintainer for lintian is Debian Lintian Maintainers <lintian-maint@debian.org>; Source for lintian is src:lintian (PTS, buildd, popcon).

Reported by: Niels Thykier <niels@thykier.net>

Date: Tue, 16 Apr 2013 16:23:33 UTC

Severity: important

Tags: patch, security, upstream

Found in version lintian/2.4.3

Fixed in versions 2.5.12, 2.5.10.5

Done: Niels Thykier <niels@thykier.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, niels@thykier.net, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Lintian Maintainers <lintian-maint@debian.org>:
Bug#705553; Package lintian. (Tue, 16 Apr 2013 16:23:37 GMT) (full text, mbox, link).

Acknowledgement sent to Niels Thykier <niels@thykier.net>:
New Bug report received and forwarded. Copy sent to niels@thykier.net, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Lintian Maintainers <lintian-maint@debian.org>. (Tue, 16 Apr 2013 16:23:37 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: lintian
Version: 2.4.3
Severity: important
Tags: security upstream patch
Control: fixed -1 2.5.12

An "unimportant" security vulnerabilities have been found in Lintian.

In short, using crafted packages an attacker could have Lintian leak
information about the "host" system provided the raw log is available.

~Niels

Marked as fixed in versions 2.5.12. Request was from Niels Thykier <niels@thykier.net> to submit@bugs.debian.org. (Tue, 16 Apr 2013 16:23:37 GMT) (full text, mbox, link).

Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Tue, 16 Apr 2013 16:33:12 GMT) (full text, mbox, link).

Notification sent to Niels Thykier <niels@thykier.net>:
Bug acknowledged by developer. (Tue, 16 Apr 2013 16:33:12 GMT) (full text, mbox, link).

Message #12 received at 705553-done@bugs.debian.org (full text, mbox, reply):

Version: 2.5.10.5

On 2013-04-16 18:20, Niels Thykier wrote:
> Package: lintian
> Version: 2.4.3
> Severity: important
> Tags: security upstream patch
> Control: fixed -1 2.5.12
> 
> An "unimportant" security vulnerabilities have been found in Lintian.
> 
> In short, using crafted packages an attacker could have Lintian leak
> information about the "host" system provided the raw log is available.
> 
> ~Niels
> 

Fixes deployed in 2.5.10.5 and 2.5.12.

~Niels

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Jun 2013 08:35:10 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:52:02 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

lintian: CVE-2013-1429 - path traversal/information disclosure

Debian Bug report logs - #705553
lintian: CVE-2013-1429 - path traversal/information disclosure

Vulmon Search

About

Products

Connect

lintian: CVE-2013-1429 - path traversal/information disclosure

Debian Bug report logs - #705553 lintian: CVE-2013-1429 - path traversal/information disclosure

Vulmon Search

About

Products

Connect

Debian Bug report logs - #705553
lintian: CVE-2013-1429 - path traversal/information disclosure