Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Aug 2009 15:47:43 +0200
From: Tomas Hoger <>
Subject: Re: CVE id request: groff (pdfroff)

On Sun, 9 Aug 2009 15:48:17 +0200 Nico Golde
<> wrote:

> First one:
> pdfroff tool of groff is creating files in a insecure manner 
> in the /tmp directory.
> Second:
> pdfroff tool of groff is calling ghostscript with the 
> -dSAFER command line option.

Looking into groff's NEWS file, pdfroff was added in version 1.19.2, so
that may be used as "first affected" in CVE description:

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ