CVE-2017-8829

NameCVE-2017-8829
DescriptionDeserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs861958

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lintian (PTS)bullseye2.104.0fixed
bookworm2.116.3fixed
trixie2.121.1+nmu1fixed
sid2.122.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lintiansourcewheezy(not affected)
lintiansourcejessie(not affected)
lintiansource(unstable)2.5.50.4861958

Notes

[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)

Search for package or bug name: Reporting problems