The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "dpkg", "binary_version": "1.17.5ubuntu5.4" }, { "binary_name": "dpkg-dev", "binary_version": "1.17.5ubuntu5.4" }, { "binary_name": "dselect", "binary_version": "1.17.5ubuntu5.4" }, { "binary_name": "libdpkg-dev", "binary_version": "1.17.5ubuntu5.4" }, { "binary_name": "libdpkg-perl", "binary_version": "1.17.5ubuntu5.4" } ] }