Security Advisories (1)

CVE-2022-1664 (2022-05-26)

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.

https://lists.debian.org/debian-security-announce/2022/msg00115.html
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495

NAME

Dpkg::Control::Hash - parse and manipulate a block of RFC822-like fields

DESCRIPTION

This module is just like Dpkg::Control::HashCore, with vendor-specific field knowledge.

CHANGES

Version 1.00 (dpkg 1.15.6)

Mark the module as public.

To install Dpkg, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Dpkg

CPAN shell

perl -MCPAN -e shell
install Dpkg

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

CHANGES

Version 1.00 (dpkg 1.15.6)

Module Install Instructions