Acknowledged
Created: May 14, 2017
Updated: May 29, 2018
Found In Version: 7.0.0.24
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
https://nvd.nist.gov/vuln/detail/CVE-2017-8283