Package: texlive-extra-utils
Version: 2011.20120322-1
Severity: important
File: /usr/bin/latex2man
Tags: security

The latex2man utility generates predictable filenames in /tmp:

| $tmp = "/tmp/$CMD.$$";

For the issue to be exploitable the program must be invoked with either the -H or the -T option. An attacker can use a symbolic link to redirect the writes to an arbitrary file owned by the invoking user.

Helmut
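
The pattern reported above, next to two safer ways to create the file, as an added example that is not part of the original report and is not latex2man's code. It assumes a private scratch directory in place of /tmp; the names victim.txt and latex2man.$$ are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private scratch directory standing in for /tmp (constructed for this demo).
my $dir = tempdir(CLEANUP => 1);

# Constructed scenario: a file owned by the invoking user, and a symlink that
# already sits at the name a "$CMD.$$" pattern would produce.
my $victim = "$dir/victim.txt";
open(my $v, '>', $victim) or die "open $victim: $!";
print {$v} "important data\n";
close($v);

my $predictable = "$dir/latex2man.$$";
symlink($victim, $predictable) or die "symlink: $!";

# Check 1: O_CREAT|O_EXCL fails if the name exists at all, symlinks included,
# so the write is refused instead of following the link like open('>') would.
my $excl_ok = sysopen(my $fh1, $predictable, O_WRONLY | O_CREAT | O_EXCL, 0600);
printf "O_EXCL open of predictable name: %s\n",
    $excl_ok ? "succeeded (unexpected)" : "refused ($!)";

# Check 2: File::Temp chooses a random suffix and opens with O_EXCL, mode 0600.
# A real program would pass TMPDIR => 1 instead of DIR => $dir.
my ($fh2, $safe) = tempfile("latex2man.XXXXXXXX", DIR => $dir, UNLINK => 1);
print {$fh2} "intermediate output\n";
close($fh2);
printf "File::Temp created: %s (mode %04o)\n", $safe, (stat($safe))[2] & 07777;

# The target of the pre-planted link is untouched.
open($v, '<', $victim) or die "open $victim: $!";
my $content = <$v>;
close($v);
print "victim still reads: $content";
```

File::Temp ships with core Perl, so the second form needs no extra dependency.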