lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | po4a | < 0.31-1 | po4a_0.31-1_all.deb |
Debian | 11 | all | po4a | < 0.31-1 | po4a_0.31-1_all.deb |
Debian | 10 | all | po4a | < 0.31-1 | po4a_0.31-1_all.deb |
Debian | 999 | all | po4a | < 0.31-1 | po4a_0.31-1_all.deb |
Debian | 13 | all | po4a | < 0.31-1 | po4a_0.31-1_all.deb |