oss-sec mailing list archives
Re: CVE Request: html2ps
From: Moritz Muehlenhoff <jmm () debian org>
Date: Sun, 7 Oct 2012 11:29:48 +0200
On Fri, Oct 05, 2012 at 12:43:55PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/05/2012 04:49 AM, Marc Deslauriers wrote:
>> Hello,
>>
>> I don't believe a CVE was ever assigned to this html2ps flaw in 2009:
>>
>> Directory traversal vulnerability in html2ps before 1.0b7 allows remote
>> attackers to read arbitrary files via directory traversal sequences in
>> SSI directives
>>
>> See:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633
>> https://bugzilla.redhat.com/show_bug.cgi?id=526513
>> http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html
>>
>> Thanks,
>>
>> Marc.
>
> Please use CVE-2009-5067 for this issue.
>
> BTW if anyone wants to go through the Red Hat Bugzilla and make sure all
> the security have CVE's assigned feel free to contact me and I can let
> you know the easiest way to get the data/check it =).

Likewise for the Debian Security Tracker:
http://security-tracker.debian.org/tracker/data/fake-names contains a list of
all tracked issues without a CVE reference (most of this is historic, of course)

Cheers,
Moritz
Current thread:
- CVE Request: html2ps Marc Deslauriers (Oct 05)
- Re: CVE Request: html2ps Kurt Seifried (Oct 05)
- Re: CVE Request: html2ps Moritz Muehlenhoff (Oct 07)
- Re: CVE Request: html2ps Kurt Seifried (Oct 05)