Candidate: CVE-2014-2905
PublicDate: 2014-05-02 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2905
 https://github.com/fish-shell/fish-shell/issues/1436
Description:
 fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the
 credentials, which allows local users to gain privileges via the universal
 variable socket, related to /tmp/fishd.socket.user permissions.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746259
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_fish:
upstream_fish: released (2.1.1)
lucid_fish: ignored (reached end-of-life)
precise_fish: ignored (reached end-of-life)
precise/esm_fish: DNE (precise was needed)
quantal_fish: ignored (reached end-of-life)
saucy_fish: ignored (reached end-of-life)
trusty_fish: ignored (reached end-of-life)
trusty/esm_fish: DNE (trusty was needed)
utopic_fish: ignored (reached end-of-life)
vivid_fish: ignored (reached end-of-life)
vivid/stable-phone-overlay_fish: DNE
vivid/ubuntu-core_fish: DNE
wily_fish: ignored (reached end-of-life)
xenial_fish: not-affected (2.1.1-1)
yakkety_fish: ignored (reached end-of-life)
zesty_fish: ignored (reached end-of-life)
artful_fish: ignored (reached end-of-life)
bionic_fish: not-affected (2.1.1-1)
cosmic_fish: not-affected (2.1.1-1)
disco_fish: not-affected (2.1.1-1)
devel_fish: not-affected (2.1.1-1)