CVE-2011-1031

Priority
Medium
Description
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might
allow local users to create arbitrary files via a symlink attack on a
/tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
References
Bugs
Notes
mdeslaur> maverick+ symlink restrictions may block this
Package
Source: feh (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 12.10 (Quantal Quetzal):needed
Ubuntu 13.10 (Saucy Salamander):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Patches:
Upstream:https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40
More Information

Valid XHTML 1.0 Strict

Updated: 2014-04-18 13:15:06 UTC (commit 7949)