Source: parallel Version: 20120422-1 Severity: normal Tags: security upstream fixed-upstream
Hi, the following vulnerabilities were published for parallel. CVE-2015-4155[0]: | GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) | --cat, (4) --fifo, or (5) --compress, allows local users to write to | arbitrary files via a symlink attack on a temporary file. CVE-2015-4156[1]: | GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) | --fifo with --sshlogin, allows local users to write to arbitrary files | via a symlink attack on a temporary file. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-4155 [1] https://security-tracker.debian.org/tracker/CVE-2015-4156 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
