1
PublicDateAtUSN: 2012-12-12
2
Candidate: CVE-2012-0961
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0961
6
https://usn.ubuntu.com/usn/usn-1662-1
8
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6,
9
0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x
10
before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions
11
for /var/log/apt/term.log, which allows local users to obtain sensitive
12
shell information by reading the log file.
15
mdeslaur> This was introduced in Oneiric, as the fix for bug 404724
17
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/975199
23
upstream_apt: needs-triage
24
hardy_apt: not-affected
25
lucid_apt: not-affected
26
oneiric_apt: released (0.8.16~exp5ubuntu13.6)
27
precise_apt: released (0.8.16~exp12ubuntu10.7)
28
quantal_apt: released (0.9.7.5ubuntu5.2)
29
devel_apt: released (0.9.7.6ubuntu6)