Date: Mon, 10 Aug 2009 15:47:43 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: oss-security+ml@...lde.de
Subject: Re: CVE id request: groff (pdfroff)

On Sun, 9 Aug 2009 15:48:17 +0200 Nico Golde <oss-security+ml@...lde.de> wrote:

> First one:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330
> pdfroff tool of groff is creating files in an insecure manner
> in the /tmp directory.
>
> Second:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338
> pdfroff tool of groff is calling ghostscript with the
> -dSAFER command line option.

Looking into groff's NEWS file, pdfroff was added in version 1.19.2, so
that may be used as "first affected" in CVE description:

http://cvs.savannah.gnu.org/viewvc/groff/groff/NEWS?view=markup

--
Tomas Hoger / Red Hat Security Response Team