Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-1429

Published: 7 November 2019

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

Notes

AuthorNote
seth-arnold
Since packages can contain arbitrary owners of files, I don't
believe the symlink-restriction provides protection here

Priority

Low

CVSS 3 base score: 6.3

Status

Package Release Status
lintian
Launchpad, Ubuntu, Debian
artful Not vulnerable
(2.5.11ubuntu13)
bionic Not vulnerable
(2.5.11ubuntu13)
cosmic Not vulnerable
(2.5.11ubuntu13)
disco Not vulnerable
(2.5.11ubuntu13)
eoan Not vulnerable
(2.5.11ubuntu13)
focal Not vulnerable
(2.5.11ubuntu13)
groovy Not vulnerable
(2.5.11ubuntu13)
hardy Ignored
(reached end-of-life)
hirsute Not vulnerable
(2.5.11ubuntu13)
lucid Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Ignored
(end of ESM support, was needed)
quantal Ignored
(reached end-of-life)
raring Not vulnerable
(2.5.11ubuntu13)
saucy Not vulnerable
(2.5.11ubuntu13)
trusty Not vulnerable
(2.5.11ubuntu13)
upstream
Released (2.5.10.5)
utopic Not vulnerable
(2.5.11ubuntu13)
vivid Not vulnerable
(2.5.11ubuntu13)
wily Not vulnerable
(2.5.11ubuntu13)
xenial Not vulnerable
(2.5.11ubuntu13)
yakkety Not vulnerable
(2.5.11ubuntu13)
zesty Not vulnerable
(2.5.11ubuntu13)
Patches:
upstream: https://bugs.launchpad.net/bugs/1169636