View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-8283 negligible priority: Ubuntu including 1 source packages (dpkg), 16 status rows across 16 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, precise, trusty, upstream, xenial, yakkety, zesty): not-affected 8, ignored 7, released 1.
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.