debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.84ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.87ubuntu1.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.88.1ubuntu1" } ] }
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.63ubuntu1" } ] }
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.64" } ] }
{ "binaries": [ { "binary_name": "debian-goodies", "binary_version": "0.79" } ] }