pacman

Description: A library-based package manager with dependency support
Version: 6.1.0-3 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1049 | 5.1.3-1 | 5.2.0-1 | High | Fixed | |
| AVG-921 | 5.1.2-1 | 5.1.3-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-18183 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned... |
| CVE-2019-18182 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in src/pacman/conf.c in the download_with_xfercommand() function. This can be exploited when... |
| CVE-2019-9686 | AVG-921 | High | Yes | Arbitrary code execution | pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 23 Oct 2019 | ASA-201910-13 | AVG-1049 | High | arbitrary command execution |
| 11 Mar 2019 | ASA-201903-7 | AVG-921 | High | arbitrary code execution |