touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #24487
[Bug 1378680] [NEW] Insecure tempfile handling
*** This bug is a security vulnerability ***
Public security bug reported:
Apt creates the tempfile for apt-get changelog in a insecure fashion.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
details
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
** Affects: apt (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: apt (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: apt (Ubuntu Utopic)
Importance: Undecided
Status: New
** Affects: apt (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #763780
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780
** Also affects: apt (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780
Importance: Unknown
Status: Unknown
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-7206
** Also affects: apt (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Trusty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680
Title:
Insecure tempfile handling
Status in “apt” package in Ubuntu:
New
Status in “apt” source package in Precise:
New
Status in “apt” source package in Trusty:
New
Status in “apt” source package in Utopic:
New
Status in “apt” package in Debian:
Unknown
Bug description:
Apt creates the tempfile for apt-get changelog in a insecure fashion.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
details
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1378680/+subscriptions
Follow ups
References