CVE-2015-4156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4156): GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. CVE-2015-4155 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4155): GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. Maintainers: if this package is ready for stabilization, please CC arch teams.
Keywords for sys-process/parallel: | | u | | a a a n p s | n | | l m r h i m m i p s p | u s | r | p d a m p a 6 i o p c 3 a x | s l | e | h 6 r 6 p 6 8 p s p 6 9 s r 8 | e o | p | a 4 m 4 a 4 k s 2 c 4 0 h c 6 | d t | o ---------+-------------------------------+-----+------- 20140622 | o + o o o o o o o o o o o o + | o 0 | gentoo 20141122 | o + o o o o o o o o o o o o ~ | o | gentoo 20150122 | o ~ o o o o o o o o o o o o ~ | # | gentoo Arches please proceed with sys-process/parallel-20150522.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: No.
GLSA Vote: No
30 Jun 2015; Ian Delaney <idella4@gentoo.org> -parallel-20140622.ebuild, -parallel-20141122.ebuild, -parallel-20150122.ebuild, -parallel-20150222.ebuild, -parallel-20150322.ebuild: cleanup for bug #552622