2018-01-15 14:52
CVE-2017-8283 dpkg
2017-10-23 14:23
2017-10-17 20:43
2017-07-20 21:33
2017-06-16 19:22
2017-06-15 17:13
2017-05-16 16:03
2017-05-10 23:54
2017-05-03 21:03
2017-04-27 20:03


dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
|---|---|---|
| artful | dpkg | None |
| devel | dpkg | None |
| precise/esm | dpkg | None |
| trusty | dpkg | None |
| xenial | dpkg | None |


| Release | Package | Reason |
|---|---|---|
| precise | dpkg | ignored |
| vivid/stable-phone-overlay | dpkg | ignored |
| vivid/ubuntu-core | dpkg | ignored |
| yakkety | dpkg | ignored |
| zesty | dpkg | ignored |

Needs Triage

| Release | Package | Reason |
|---|---|---|
| upstream | dpkg | needs-triage |