Debian Local Security Checks : Debian: Security Advisory (DSA-1878-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.64867

Category: Debian Local Security Checks

Title: Debian: Security Advisory (DSA-1878-1)

Summary: The remote host is missing an update for the Debian 'devscripts' package(s) announced via the DSA-1878-1 advisory.

Description: Summary:
The remote host is missing an update for the Debian 'devscripts' package(s) announced via the DSA-1878-1 advisory.

Vulnerability Insight:
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.

For the old stable distribution (etch), this problem has been fixed in version 2.9.26etch4.

For the stable distribution (lenny), this problem has been fixed in version 2.10.35lenny6.

For the unstable distribution (sid), this problem will be fixed in version 2.10.54.

We recommend that you upgrade your devscripts package.

Affected Software/OS:
'devscripts' package(s) on Debian 4, Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2946
Debian Security Information: DSA-1878 (Google Search)
http://www.debian.org/security/2009/dsa-1878

Copyright Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.64867
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1878-1)
Summary:	The remote host is missing an update for the Debian 'devscripts' package(s) announced via the DSA-1878-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'devscripts' package(s) announced via the DSA-1878-1 advisory. Vulnerability Insight: Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible. For the old stable distribution (etch), this problem has been fixed in version 2.9.26etch4. For the stable distribution (lenny), this problem has been fixed in version 2.10.35lenny6. For the unstable distribution (sid), this problem will be fixed in version 2.10.54. We recommend that you upgrade your devscripts package. Affected Software/OS: 'devscripts' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2946 Debian Security Information: DSA-1878 (Google Search) http://www.debian.org/security/2009/dsa-1878
Copyright	Copyright (C) 2009 Greenbone AG