
touch-packages team mailing list archive

[Bug 1378680] [NEW] Insecure tempfile handling

 

*** This bug is a security vulnerability ***

Public security bug reported:

Apt creates the tempfile for apt-get changelog in an insecure fashion.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
details.

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: apt (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: apt (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: apt (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: apt (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #763780
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780

** Also affects: apt (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780
   Importance: Unknown
       Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7206

** Also affects: apt (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: apt (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: apt (Ubuntu Trusty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680

Title:
  Insecure tempfile handling

Status in “apt” package in Ubuntu:
  New
Status in “apt” source package in Precise:
  New
Status in “apt” source package in Trusty:
  New
Status in “apt” source package in Utopic:
  New
Status in “apt” package in Debian:
  Unknown

Bug description:
  Apt creates the tempfile for apt-get changelog in an insecure fashion.
  See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
  details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1378680/+subscriptions

