CVE-2012-2240

Published: 15 September 2012

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

Priority

Status

Package	Release	Status
devscripts Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (2.10.61ubuntu5.3)
	natty	Released (2.10.69ubuntu2.2)
	oneiric	Released (2.11.1ubuntu3.2)
	precise	Released (2.11.6ubuntu1.4)
	upstream	Released (2.12.3)
	Patches: vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=22881936e53e6b585d3dc60f3161e9d704c5138d vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=9fba4788933475185df5e58b7fa557e5e3fb15e4

References

http://www.debian.org/security/2012/dsa-2549
https://ubuntu.com/security/notices/USN-1593-1
https://www.cve.org/CVERecord?id=CVE-2012-2240
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.