Candidate: CVE-2014-2524
PublicDate: 2014-08-20 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524
 http://www.openwall.com/lists/oss-security/2014/03/14/5
Description:
 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
 allows local users to create or overwrite arbitrary files via a symlink
 attack on a /var/tmp/rltrace.[PID] file.
Ubuntu-Description:
Notes:
 mdeslaur> the security issue is in a debugging function that isn't used,
 mdeslaur> we will not be publishing an update for this issue.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741953
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:

Patches_readline6:
upstream_readline6: released (6.3-8)
lucid_readline6: ignored (reached end-of-life)
precise_readline6: ignored
quantal_readline6: ignored (reached end-of-life)
saucy_readline6: ignored (reached end-of-life)
trusty_readline6: ignored
trusty/esm_readline6: ignored
utopic_readline6: ignored (reached end-of-life)
vivid_readline6: ignored (reached end-of-life)
vivid/stable-phone-overlay_readline6: not-affected (6.3-8ubuntu1)
vivid/ubuntu-core_readline6: not-affected (6.3-8ubuntu1)
wily_readline6: not-affected (6.3-8ubuntu1)
devel_readline6: not-affected (6.3-8ubuntu1)