pacman
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | A library-based package manager with dependency support |
Version | 7.0.0.r6.gc685ae6-1 [core] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1049 | 5.1.3-1 | 5.2.0-1 | High | Fixed | |
AVG-921 | 5.1.2-1 | 5.1.3-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2019-18183 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned... |
CVE-2019-18182 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in src/pacman/conf.c in the download_with_xfercommand() function. This can be exploited when... |
CVE-2019-9686 | AVG-921 | High | Yes | Arbitrary code execution | pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
23 Oct 2019 | ASA-201910-13 | AVG-1049 | High | arbitrary command execution |
11 Mar 2019 | ASA-201903-7 | AVG-921 | High | arbitrary code execution |