Candidate: CVE-2013-0296
PublicDate: 2014-04-27 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0296
 http://www.openwall.com/lists/oss-security/2013/02/15/4
Description:
 Race condition in pigz before 2.2.5 uses permissions derived from the umask
 when compressing a file before setting that file's permissions to match
 those of the original file, which might allow local users to bypass
 intended access permissions while compression is occurring.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
Priority: medium
Discovered-by: Michael Tokarev
Assigned-to:
CVSS: 

Patches_pigz:
upstream_pigz: released (2.2.4-2)
hardy_pigz: DNE
lucid_pigz: ignored (reached end-of-life)
oneiric_pigz: ignored (reached end-of-life)
precise_pigz: ignored (reached end-of-life)
precise/esm_pigz: DNE (precise was needed)
quantal_pigz: ignored (reached end-of-life)
raring_pigz: ignored (reached end-of-life)
saucy_pigz: ignored (reached end-of-life)
trusty_pigz: not-affected (2.3-2)
trusty/esm_pigz: not-affected (2.3-2)
utopic_pigz: ignored (reached end-of-life)
vivid_pigz: ignored (reached end-of-life)
vivid/stable-phone-overlay_pigz: DNE
vivid/ubuntu-core_pigz: DNE
wily_pigz: ignored (reached end-of-life)
xenial_pigz: not-affected (2.3.1-2)
yakkety_pigz: not-affected (2.3.1-2)
zesty_pigz: not-affected
devel_pigz: not-affected