debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0.84ubuntu0.1", "binary_name": "debian-goodies" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0.87ubuntu1.1", "binary_name": "debian-goodies" } ] }