1
Candidate: CVE-2015-5700
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5700
5
http://www.openwall.com/lists/oss-security/2015/04/23/22
6
http://www.openwall.com/lists/oss-security/2015/07/28/5
8
mktexlsr revision 22855 through revision 36625 as packaged in texlive
9
allows local users to write to arbitrary files via a symlink attack.
12
sarnold> See also CVE-2015-5701
13
mdeslaur> introduced by:
14
mdeslaur> https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
18
Discovered-by: Jakub Wilk
21
Tags_texlive-bin: hardlink-restriction symlink-restriction
23
upstream_texlive-bin: released (2014.20140926.35254-5)
24
precise_texlive-bin: not-affected (vulnerable code not present)
25
precise/esm_texlive-bin: DNE (precise was not-affected [vulnerable code not present])
26
trusty_texlive-bin: needed
27
vivid_texlive-bin: not-affected (2014.20140926.35254-6build1)
28
vivid/stable-phone-overlay_texlive-bin: DNE
29
vivid/ubuntu-core_texlive-bin: DNE
30
wily_texlive-bin: not-affected
31
xenial_texlive-bin: not-affected
32
yakkety_texlive-bin: not-affected
33
zesty_texlive-bin: not-affected
34
artful_texlive-bin: not-affected
35
bionic_texlive-bin: not-affected
36
devel_texlive-bin: not-affected