CVE-2014-8991
Publication date 24 November 2014
Last updated 24 July 2024
Ubuntu priority
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Status
Package | Ubuntu Release | Status |
---|---|---|
python-pip | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Ignored end of ESM support, was ignored [see note above] | |
Notes
msalvatore
The patch from upstream does not resolve the CVE. Backporting this the actual fix for trusty requires invasive changes that will change the command line interface. The issues is first fixed in version 7.0.0 and the changelog mentions it is backwards incompatible.