oss-sec mailing list archives
CVE id request: chm2pdf insecure temporary files usage
From: Raphael Geissert <atomo64+debian () gmail com>
Date: Thu, 20 Nov 2008 21:32:53 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Versions 0.9 and 0.9.1 of chm2pdf allow local users to overwrite arbitrary files via a symlink attacks on /tmp/chm2pdf More information at http://bugs.debian.org/501959 Could a CVE id be assigned please? Thanks in advance. Cheers, - -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkmK+YACgkQYy49rUbZzlrDlgCeOsa92d/XCpTjT0b9EikJwme0 C6oAoJhWLgQjNn0U/8BgI3dy/s5Q1Eom =w0+u -----END PGP SIGNATURE-----
Current thread:
- CVE id request: chm2pdf insecure temporary files usage Raphael Geissert (Nov 20)
- Re: CVE id request: chm2pdf insecure temporary files usage Steven M. Christey (Dec 01)