CVE-2014-1402

Priority
Medium
Description
The default configuration for bccache.FileSystemBytecodeCache in Jinja2
before 2.7.2 does not properly create temporary files, which allows local
users to gain privileges via a crafted .cache file with a name starting
with __jinja2_ in /tmp.
References
Bugs
Notes
mdeslaur> upstream commit below included in 2.7.2 introduces a temp file
mdeslaur> issue, which is CVE-2014-0012
Assigned-to
mdeslaur
Package
Upstream: released (2.7.2)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (2.6-1ubuntu0.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (2.7.2-2)
Ubuntu 14.10 (Utopic Unicorn): not-affected (2.7.2-2)
Patches:
Upstream: https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7

Updated: 2014-07-24 14:14:39 UTC (commit 8276)