pacman
| Field | Value |
|---|---|
| Link | package, bugs open, bugs closed, Wiki, GitHub, web search |
| Description | A library-based package manager with dependency support |
| Version | 7.0.0.r6.gc685ae6-6 [core] |

Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1049 | 5.1.3-1 | 5.2.0-1 | High | Fixed | |
| AVG-921 | 5.1.2-1 | 5.1.3-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-18183 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned... |
| CVE-2019-18182 | AVG-1049 | High | Yes | Arbitrary command execution | pacman before 5.2 is vulnerable to arbitrary command injection in src/pacman/conf.c in the download_with_xfercommand() function. This can be exploited when... |
| CVE-2019-9686 | AVG-921 | High | Yes | Arbitrary code execution | pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 23 Oct 2019 | ASA-201910-13 | AVG-1049 | High | arbitrary command execution |
| 11 Mar 2019 | ASA-201903-7 | AVG-921 | High | arbitrary code execution |