Candidate: CVE-2011-2765
PublicDate: 2018-08-20 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2765
Description:
 pyro before 3.15 unsafely handles pid files in temporary directory
 locations and opening the pid file as root. An attacker can use this flaw
 to overwrite arbitrary files via symlinks.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631912
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_pyro:
upstream_pyro: released (1:3.14-1)
hardy_pyro: ignored (reached end-of-life)
lucid_pyro: ignored (reached end-of-life)
maverick_pyro: ignored (reached end-of-life)
natty_pyro: ignored (reached end-of-life)
oneiric_pyro: ignored (reached end-of-life)
precise_pyro: not-affected (1:3.14-1.1)
quantal_pyro: not-affected (1:3.14-1.1)
raring_pyro: not-affected (1:3.14-1.1)
saucy_pyro: not-affected (1:3.14-1.1)
devel_pyro: not-affected (1:3.14-1.1)