CVE-2014-1604

Publication date 28 January 2014

Last updated 24 July 2024

Ubuntu priority

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-rply	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

Notes

seth-arnold

fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand gives a 404

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand
https://www.cve.org/CVERecord?id=CVE-2014-1604