CVE-2011-4617

NameCVE-2011-4617
Descriptionvirtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs652653

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-virtualenv (PTS)buster15.1.0+ds-2+deb10u1fixed
bullseye20.4.0+ds-2+deb11u1fixed
bookworm20.17.1+ds-1fixed
sid, trixie20.25.1+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-virtualenvsourcesqueeze1.4.9-3squeeze1
python-virtualenvsource(unstable)1.6-1low652653

Notes

[lenny] - python-virtualenv <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems