VulnerableCode Package Details - pkg:deb/ubuntu/dpkg@1.17.8ubuntu1

Search for packages

Package details: pkg:deb/ubuntu/dpkg@1.17.8ubuntu1

Essentials
History (0)

purl	pkg:deb/ubuntu/dpkg@1.17.8ubuntu1

Next non-vulnerable version	1.18.24ubuntu1
Latest non-vulnerable version	1.18.24ubuntu1
Risk	4.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-v1fh-mtmc-aaab Aliases: CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.	1.18.24ubuntu1 Affected by 0 other vulnerabilities.
VCID-v83g-rs1y-aaaq Aliases: CVE-2014-8625	Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.	1.17.24ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version