Unrated severityNVD Advisory· Published Oct 15, 2014· Updated May 6, 2026
CVE-2014-7206
CVE-2014-7206
Description
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Affected products
6cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*range: <=1.0.9.1
- cpe:2.3:a:debian:advanced_package_tool:1.0.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.debian.org/security/2014/dsa-3048nvdVendor Advisory
- www.ubuntu.com/usn/USN-2370-1nvdVendor Advisory
- secunia.com/advisories/61158nvd
- secunia.com/advisories/61333nvd
- secunia.com/advisories/61768nvd
- www.securityfocus.com/bid/70310nvd
- bugs.debian.org/cgi-bin/bugreport.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/96951nvd
News mentions
0No linked articles in our index yet.