CVE-2014-1638

Name of the Vulnerable Software and Affected Versions localepurge versions prior to 0.7.3.2

Description The issue allows local users to overwrite arbitrary files via a symlink attack. This is due to the use of tempfile to create a safe temporary file, but appending a suffix to the original filename and writing to this new filename.

Recommendations For versions prior to 0.7.3.2, update to version 0.7.3.2 or later to resolve the issue.