oss-sec mailing list archives

CVE id request: chm2pdf insecure temporary files usage

From: Raphael Geissert <atomo64+debian () gmail com>
Date: Thu, 20 Nov 2008 21:32:53 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Versions 0.9 and 0.9.1 of chm2pdf allow local users to overwrite arbitrary files
via a symlink attacks on /tmp/chm2pdf

More information at http://bugs.debian.org/501959

Could a CVE id be assigned please?

Thanks in advance.

Cheers,
- -- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkmK+YACgkQYy49rUbZzlrDlgCeOsa92d/XCpTjT0b9EikJwme0
C6oAoJhWLgQjNn0U/8BgI3dy/s5Q1Eom
=w0+u
-----END PGP SIGNATURE-----

Current thread:

CVE id request: chm2pdf insecure temporary files usage Raphael Geissert (Nov 20)
- Re: CVE id request: chm2pdf insecure temporary files usage Steven M. Christey (Dec 01)