GCVE - cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*

part: a version: 1.15.8.8 update: *

Vendor	Debian (`4199fb5b-36f6-5ceb-83d5-855460345e36`)
Product	Dpkg (`70d9845d-a063-5593-86fb-6bada4efd00c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/dpkg`	purl2cpe	2026-06-01 10:17:13.901698
`pkg:deb/ubuntu/dpkg`	purl2cpe	2026-06-01 10:17:13.901700
`pkg:github/davidben/dpkg`	purl2cpe	2026-06-01 10:17:13.901701
`pkg:github/guillemj/dpkg`	purl2cpe	2026-06-01 10:17:13.901703
`pkg:rpm/fedora/dpkg`	purl2cpe	2026-06-01 10:17:13.901704
`pkg:rpm/opensuse/dpkg`	purl2cpe	2026-06-01 10:17:13.901706

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-8283`	vulnerable	2026-06-03 14:37:39.765754	Details available dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. Published: 2017-04-26T05:28:00.000Z Updated: 2024-08-05T16:34:21.674Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98064 http://www.openwall.com/lists/oss-security/2017/04/20/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3127`	vulnerable	2026-06-03 14:33:53.220126	Details available dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. Published: 2014-05-14T00:00:00.000Z Updated: 2024-08-06T10:35:57.031Z Open on db.gcve.eu Reference links https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog http://seclists.org/oss-sec/2014/q2/191 http://seclists.org/oss-sec/2014/q2/227 http://www.securityfocus.com/bid/67181	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0402`	vulnerable	2026-06-03 14:30:48.763139	Details available dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. Published: 2011-01-11T01:00:00.000Z Updated: 2024-08-06T21:51:09.064Z Open on db.gcve.eu Reference links http://secunia.com/advisories/42831 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64614 http://secunia.com/advisories/42826 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1679`	vulnerable	2026-06-03 14:30:16.404597	Details available Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. Published: 2011-01-11T01:00:00.000Z Updated: 2024-08-07T01:35:52.662Z Open on db.gcve.eu Reference links http://secunia.com/advisories/42831 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html http://secunia.com/advisories/42826 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64615	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.