cpe:/a:fishshell:fish:1.16.0 cpe:/a:fishshell:fish:2.0.0 cpe:/o:fedoraproject:fedora:19 CVE-2014-3219 2018-02-09T17:29:00.363-05:00 2019-09-24T11:15:11.410-04:00 4.3 LOCAL LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 67115 FEDORA FEDORA-2014-5783 GENTOO GLSA-201412-49 MLIST [oss-security] 20140506 Re: Upcoming security release of fish 2.1.1 MLIST [oss-security] 20140928 Security release of fish shell 2.1.1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1092091 CONFIRM https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce CONFIRM https://github.com/fish-shell/fish-shell/issues/1440 SUSE openSUSE-SU-2019:2177 SUSE openSUSE-SU-2019:2188 fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.