[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE id request: chm2pdf insecure temporary files usage
From: Raphael Geissert <atomo64+debian () gmail ! com>
Date: 2008-11-21 3:32:53
Message-ID: gg5a6c$gs5$4 () ger ! gmane ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Versions 0.9 and 0.9.1 of chm2pdf allow local users to overwrite arbitrary files
via a symlink attacks on /tmp/chm2pdf
More information at http://bugs.debian.org/501959
Could a CVE id be assigned please?
Thanks in advance.
Cheers,
- --
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkmK+YACgkQYy49rUbZzlrDlgCeOsa92d/XCpTjT0b9EikJwme0
C6oAoJhWLgQjNn0U/8BgI3dy/s5Q1Eom
=w0+u
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic