{"api_version":"1","generated_at":"2026-06-10T19:26:19+00:00","cve":"CVE-2015-0840","urls":{"html":"https://cve.report/CVE-2015-0840","api":"https://cve.report/api/cve/CVE-2015-0840.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0840","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0840"},"summary":{"title":"CVE-2015-0840","description":"The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).","state":"PUBLISHED","assigner":"debian","published_at":"2015-04-13 14:59:01","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-284","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.ubuntu.com/usn/USN-2566-1","name":"http://www.ubuntu.com/usn/USN-2566-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"USN-2566-1: dpkg vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","name":"http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"openSUSE-SU-2015:1058-1: moderate: Security update for dpkg, update-alte","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3217","name":"http://www.debian.org/security/2015/dsa-3217","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Debian -- Security Information -- DSA-3217-1 dpkg","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 22 Update: dpkg-1.16.16-5.fc22","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0840","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0840","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"10.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"1.17.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"840","vulnerable":"1","versionEndIncluding":"1.16.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"debian","cpe5":"dpkg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T04:26:10.605Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"USN-2566-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2566-1"},{"name":"FEDORA-2015-6974","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"},{"name":"openSUSE-SU-2015:1058","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"},{"name":"DSA-3217","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3217"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-04-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-30T15:57:01.000Z","orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian"},"references":[{"name":"USN-2566-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2566-1"},{"name":"FEDORA-2015-6974","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"},{"name":"openSUSE-SU-2015:1058","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"},{"name":"DSA-3217","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3217"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2015-0840","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"USN-2566-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2566-1"},{"name":"FEDORA-2015-6974","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"},{"name":"openSUSE-SU-2015:1058","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html"},{"name":"DSA-3217","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3217"}]}}}},"cveMetadata":{"assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","assignerShortName":"debian","cveId":"CVE-2015-0840","datePublished":"2015-04-13T14:00:00.000Z","dateReserved":"2015-01-07T00:00:00.000Z","dateUpdated":"2024-08-06T04:26:10.605Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-04-13 14:59:01","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-284","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*","versionEndIncluding":"1.16.15","matchCriteriaId":"1BC2DC5F-3635-4847-8111-4C0FDC52FD42"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*","matchCriteriaId":"D18D2B08-C8DD-475D-8E7D-F39E8C24723B"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*","matchCriteriaId":"BA424995-B5E0-4C8A-862B-5290506DF94E"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*","matchCriteriaId":"43F974E2-41AF-42B2-8EE7-02724FD37673"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*","matchCriteriaId":"EFD1F763-34E3-4B39-9184-6CCCD75733A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*","matchCriteriaId":"1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*","matchCriteriaId":"2B2595A0-024B-4C82-8626-9471A3FB96D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*","matchCriteriaId":"E81B04E7-FBA1-45D3-B458-3B57DF331796"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*","matchCriteriaId":"934A9FC7-1B44-4A70-83B6-21783C5BB9BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*","matchCriteriaId":"A66344A0-A556-4E72-9954-CBC0FF9B900F"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*","matchCriteriaId":"82E72C4D-373A-4E74-A038-AD79EA0845D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*","matchCriteriaId":"13D89B07-FB9C-4D88-91A1-431FB91605DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*","matchCriteriaId":"067D13A0-0DBA-4749-9E5C-428338758C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*","matchCriteriaId":"955DA593-FD4C-4BC8-8B64-CA193892C1CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*","matchCriteriaId":"6E35346F-2FCD-42D3-ADE2-D25DCBF11D86"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*","matchCriteriaId":"681BF89B-6501-4992-A953-578908C68ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*","matchCriteriaId":"3E9DD402-ADC7-4000-A6C8-D62DA2BD8A22"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*","matchCriteriaId":"E26692A1-6DE7-4295-99BD-EFF9B0C20162"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*","matchCriteriaId":"A5B65F0D-1708-4B73-B9C3-033E8150348D"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*","matchCriteriaId":"A257BEDB-0148-4EE6-B7EA-0DE39752F897"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*","matchCriteriaId":"1A046309-41A1-420C-ABF3-090AD11C9EBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*","matchCriteriaId":"198C70C8-EB31-4E54-A690-727518FBCD6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*","matchCriteriaId":"130E8C0F-0649-4F32-921F-A51EEA4981DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*","matchCriteriaId":"8FF133CE-B3D1-48C2-8AC1-938E70820CF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*","matchCriteriaId":"13C6ED10-12DC-4896-9B8A-E05BAB5B5DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*","matchCriteriaId":"32CCB09B-144F-48E0-BB8C-453C15292F7F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*","matchCriteriaId":"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","matchCriteriaId":"49A63F39-30BE-443F-AF10-6245587D3359"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"840","Ordinal":"1","Title":"CVE-2015-0840","CVE":"CVE-2015-0840","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"840","Ordinal":"1","NoteData":"The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).","Type":"Description","Title":"CVE-2015-0840"},{"CveYear":"2015","CveId":"840","Ordinal":"2","NoteData":"2015-04-13","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"840","Ordinal":"3","NoteData":"2016-12-30","Type":"Other","Title":"Modified"}]}}}