Candidate: CVE-2014-1638
PublicDate: 2014-01-28 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1638
 http://xforce.iss.net/xforce/xfdb/90669
 http://www.openwall.com/lists/oss-security/2014/01/22/4
 http://www.openwall.com/lists/oss-security/2014/01/22/3
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359
Description:
 (1) debian/postrm and (2) debian/localepurge.config in localepurge before
 0.7.3.2 use tempfile to create a safe temporary file but append a suffix to
 the original filename and write to this new filename, which allows local
 users to overwrite arbitrary files via a symlink attack on the new filename.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_localepurge:
upstream_localepurge: released (0.7.3.2)
lucid_localepurge: ignored (reached end-of-life)
precise_localepurge: ignored (reached end-of-life)
precise/esm_localepurge: DNE (precise was needed)
quantal_localepurge: ignored (reached end-of-life)
saucy_localepurge: ignored (reached end-of-life)
trusty_localepurge: not-affected (0.7.3.2)
trusty/esm_localepurge: DNE (trusty was not-affected [0.7.3.2])
utopic_localepurge: not-affected (0.7.3.2)
vivid_localepurge: not-affected (0.7.3.2)
vivid/stable-phone-overlay_localepurge: DNE
vivid/ubuntu-core_localepurge: DNE
wily_localepurge: not-affected (0.7.3.2)
xenial_localepurge: not-affected (0.7.3.2)
yakkety_localepurge: not-affected (0.7.3.2)
zesty_localepurge: not-affected (0.7.3.2)
devel_localepurge: not-affected (0.7.3.2)