'[oss-security] CVE id request: chm2pdf insecure temporary files usage'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security]  CVE id request: chm2pdf insecure temporary files usage
From:       Raphael Geissert <atomo64+debian () gmail ! com>
Date:       2008-11-21 3:32:53
Message-ID: gg5a6c$gs5$4 () ger ! gmane ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Versions 0.9 and 0.9.1 of chm2pdf allow local users to overwrite arbitrary files
via a symlink attacks on /tmp/chm2pdf

More information at http://bugs.debian.org/501959

Could a CVE id be assigned please?

Thanks in advance.

Cheers,
- -- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkmK+YACgkQYy49rUbZzlrDlgCeOsa92d/XCpTjT0b9EikJwme0
C6oAoJhWLgQjNn0U/8BgI3dy/s5Q1Eom
=w0+u
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic