Candidate: CVE-2014-3219
PublicDate: 2018-02-09 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3219
 http://www.openwall.com/lists/oss-security/2014/05/06
Description:
 fish before 2.1.1 allows local users to write to arbitrary files via a
 symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3)
 /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746259
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_fish:
upstream_fish: released (2.1.1)
lucid_fish: ignored (reached end-of-life)
precise_fish: ignored (reached end-of-life)
precise/esm_fish: DNE (precise was needed)
saucy_fish: ignored (reached end-of-life)
trusty_fish: ignored (reached end-of-life)
trusty/esm_fish: DNE (trusty was needed)
utopic_fish: ignored (reached end-of-life)
vivid_fish: ignored (reached end-of-life)
vivid/stable-phone-overlay_fish: DNE
vivid/ubuntu-core_fish: DNE
wily_fish: ignored (reached end-of-life)
xenial_fish: not-affected (2.1.1-1)
yakkety_fish: ignored (reached end-of-life)
zesty_fish: ignored (reached end-of-life)
artful_fish: ignored (reached end-of-life)
bionic_fish: not-affected (2.1.1-1)
cosmic_fish: not-affected (2.1.1-1)
disco_fish: not-affected (2.1.1-1)
devel_fish: not-affected (2.1.1-1)