Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) ins

bug-groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) ins

From:	Colin Watson
Subject:	Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) insecure temporary files]
Date:	Sat, 15 Aug 2009 08:54:50 +0100
User-agent:	Mutt/1.5.18 (2008-05-17)

On Sat, Jul 25, 2009 at 09:30:18AM +0100, Colin Watson wrote:
> See attached report; this is indeed a standard anti-pattern resulting in
> security vulnerabilities. In Debian I'd be rather tempted to use 'mktemp
> -d' to fix this. What do you think?

Nico Golde points out that Openwall have a patch for this. I'm applying
this to the Debian package:

  curl -s 
'http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff'
 | filterdiff -i '*pdfroff*'

Thanks,

-- 
Colin Watson                                       address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

address@hidden: Bug#538330: groff: pdfroff uses (and documents!) insecure temporary files], Colin Watson, 2009/08/11
- Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) insecure temporary files], Colin Watson <=

Prev by Date: Re: Bug#540477: man: groff_char: Incorrect unicode codes for white heart and diamond suits
Next by Date: Re: address@hidden: Bug#538338: groff: pdfroff invokes gs insecurely (without -dSAFER)]
Previous by thread: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) insecure temporary files]
Next by thread: address@hidden: Bug#538338: groff: pdfroff invokes gs insecurely (without -dSAFER)]
Index(es):
- Date
- Thread