VYPR

rpm package

opensuse/dpkg&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/dpkg&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2026-2219HigMar 7, 2026
    affected < 1.22.22-1.1fixed 1.22.22-1.1

    It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

  • CVE-2025-6297Jul 1, 2025
    affected < 1.22.21-1.1fixed 1.22.21-1.1

    It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given

  • CVE-2015-0840Apr 13, 2015
    affected < 1.18.10-1.4fixed 1.18.10-1.4

    The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).