[Secure-testing-team] Bug#746259: fish: CVE-2014-2905 CVE-2014-2906 CVE-2014-2914
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 28 15:06:21 UTC 2014
Source: fish
Version: 1.23.1-2
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for fish.
CVE-2014-2905[0]:
permission bypass leading to privilege escalation
CVE-2014-2906[1]:
unsafe temporary file creationg leading to privilege escalation
CVE-2014-2914[2]:
remote code execution
More details are in [3].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-2905
[1] https://security-tracker.debian.org/tracker/CVE-2014-2906
[2] https://security-tracker.debian.org/tracker/CVE-2014-2914
[3] http://www.openwall.com/lists/oss-security/2014/04/28/4
Regards,
Salvatore
More information about the Secure-testing-team
mailing list