Launchpad.net

CVE 2014-7206

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

CVE-2014-7206 (Candidate) is related to these bugs:

Bug #1378680: Insecure tempfile handling

		In	Importance	Status
1378680	Insecure tempfile handling	apt (Ubuntu)	Undecided	Fix Released
1378680	Insecure tempfile handling	apt (Debian)	Unknown	Fix Released
1378680	Insecure tempfile handling	apt (Ubuntu Precise)	Medium	Fix Released
1378680	Insecure tempfile handling	apt (Ubuntu Utopic)	Undecided	Fix Released
1378680	Insecure tempfile handling	apt (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.