Just for reference: the vulnrable function is parse_error_msg([..]), not warningv([..]).
I've attached the patch that the maintainer as reccomended for the latest version of dpkg. ** Patch added: "0001-libdpkg-Escape-package-and-architecture-on-control-f.patch" https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135/+attachment/4260926/+files/0001-libdpkg-Escape-package-and-architecture-on-control-f.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1389135 Title: dpkg / dpkg-deb segfault -- possible format string bug/vuln? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
