Candidate: CVE-2014-1639
PublicDate: 2014-01-28 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1639
 http://xforce.iss.net/xforce/xfdb/90662
 http://www.openwall.com/lists/oss-security/2014/01/22/4
 http://www.openwall.com/lists/oss-security/2014/01/22/3
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357
Description:
 syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp
 to create a safe temporary file but appends a suffix to the original
 filename and writes to this new filename, which allows local users to
 overwrite arbitrary files via a symlink attack on the new filename.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_syncevolution:
upstream_syncevolution: needs-triage
lucid_syncevolution: ignored (reached end-of-life)
precise_syncevolution: ignored (reached end-of-life)
precise/esm_syncevolution: DNE (precise was needed)
quantal_syncevolution: ignored (reached end-of-life)
saucy_syncevolution: ignored (reached end-of-life)
trusty_syncevolution: ignored (reached end-of-life)
trusty/esm_syncevolution: DNE (trusty was needed)
utopic_syncevolution: ignored (reached end-of-life)
vivid_syncevolution: ignored (reached end-of-life)
vivid/stable-phone-overlay_syncevolution: ignored (reached end-of-life)
vivid/ubuntu-core_syncevolution: DNE
wily_syncevolution: ignored (reached end-of-life)
xenial_syncevolution: not-affected (1.3.99.7-1)
yakkety_syncevolution: ignored (reached end-of-life)
zesty_syncevolution: ignored (reached end-of-life)
artful_syncevolution: ignored (reached end-of-life)
bionic_syncevolution: not-affected (1.3.99.7-1)
cosmic_syncevolution: not-affected (1.3.99.7-1)
disco_syncevolution: not-affected (1.3.99.7-1)
devel_syncevolution: not-affected (1.3.99.7-1)