CVE-2017-8829

Name: CVE-2017-8829
Description: Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 861958

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| lintian (PTS) | wheezy | 2.5.10.4 | fixed |
| | jessie | 2.5.30+deb8u4 | fixed |
| | stretch | 2.5.50.4 | fixed |
| | buster, sid | 2.5.62 | fixed |

The information below is based on the following data on fixed versions.

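| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| lintian | source | (unstable) | 2.5.50.4 | medium | | 861958 |
| lintian | source | jessie | (not affected) | | | |
| lintian | source | wheezy | (not affected) | | | |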

Notes

[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
