Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lintian | Debian | * | 2.5.50.3 (including) |
Lintian | Ubuntu | devel | * |
Lintian | Ubuntu | esm-infra/xenial | * |
Lintian | Ubuntu | upstream | * |
Lintian | Ubuntu | xenial | * |
Lintian | Ubuntu | yakkety | * |
Lintian | Ubuntu | zesty | * |