Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Aug 2009 15:47:43 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: oss-security+ml@...lde.de
Subject: Re: CVE id request: groff (pdfroff)

On Sun, 9 Aug 2009 15:48:17 +0200 Nico Golde
<oss-security+ml@...lde.de> wrote:

> First one:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330
> pdfroff tool of groff is creating files in a insecure manner 
> in the /tmp directory.
> 
> Second:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338
> pdfroff tool of groff is calling ghostscript with the 
> -dSAFER command line option.

Looking into groff's NEWS file, pdfroff was added in version 1.19.2, so
that may be used as "first affected" in CVE description:

http://cvs.savannah.gnu.org/viewvc/groff/groff/NEWS?view=markup

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ