Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

Mon, 28 Apr 2014 13:39:25 -0700 

Package: dpkg
Version: 1.15.9
Tags: security squeeze

As far as I see, escaping file names was added to diffutils in 2012. The
feature is not present in a squeeze environment. CVE-2014-0471 does not
apply.

Directory traversal during unpack is possible now. I will wait one day
before releasing an exploit package.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to