The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
2015-04-13T14:59:01.367
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | debian | dpkg | ≤ 1.16.15 | Yes |
| Application | debian | dpkg | 1.17.0 | Yes |
| Application | debian | dpkg | 1.17.1 | Yes |
| Application | debian | dpkg | 1.17.2 | Yes |
| Application | debian | dpkg | 1.17.3 | Yes |
| Application | debian | dpkg | 1.17.4 | Yes |
| Application | debian | dpkg | 1.17.5 | Yes |
| Application | debian | dpkg | 1.17.6 | Yes |
| Application | debian | dpkg | 1.17.7 | Yes |
| Application | debian | dpkg | 1.17.8 | Yes |
| Application | debian | dpkg | 1.17.9 | Yes |
| Application | debian | dpkg | 1.17.10 | Yes |
| Application | debian | dpkg | 1.17.11 | Yes |
| Application | debian | dpkg | 1.17.12 | Yes |
| Application | debian | dpkg | 1.17.13 | Yes |
| Application | debian | dpkg | 1.17.14 | Yes |
| Application | debian | dpkg | 1.17.15 | Yes |
| Application | debian | dpkg | 1.17.16 | Yes |
| Application | debian | dpkg | 1.17.17 | Yes |
| Application | debian | dpkg | 1.17.18 | Yes |
| Application | debian | dpkg | 1.17.19 | Yes |
| Application | debian | dpkg | 1.17.20 | Yes |
| Application | debian | dpkg | 1.17.21 | Yes |
| Application | debian | dpkg | 1.17.22 | Yes |
| Application | debian | dpkg | 1.17.23 | Yes |
| Application | debian | dpkg | 1.17.24 | Yes |
| Operating System | canonical | ubuntu_linux | 10.04 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.10 | Yes |