CVE-2010-1679
dpkg < 1.14.31 - Directory Traversal via Source-Format 3.0 Patch
Title source: llmDescription
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
References (13)
Core 13
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42831
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42826
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64615
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1038-1
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0040
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45703
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2142
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70368
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43054
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0044
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0196
Scores
EPSS
0.0312
EPSS Percentile
86.2%
Details
CWE
CWE-22
Status
published
Products (50)
debian/dpkg
1.9.19
debian/dpkg
1.9.20
debian/dpkg
1.9.21
debian/dpkg
1.10
debian/dpkg
1.10.1
debian/dpkg
1.10.2
debian/dpkg
1.10.3
debian/dpkg
1.10.4
debian/dpkg
1.10.5
debian/dpkg
1.10.6
... and 40 more
Published
Jan 11, 2011
Tracked Since
Feb 18, 2026