Package: psutils
Version: 1.17.dfsg-4
Severity: important

extractres(1) does various funny things if a filename contains characters
that are not usually used in filenames:

$ touch '>t0.ps'
$ ls -l
total 0
-rw-rw-r-- 1 zefram zefram 0 Jul 17 00:25 '>t0.ps'
$ extractres '>t0.ps'
$ ls -l
total 0
-rw-rw-r-- 1 zefram zefram 0 Jul 17 00:25 '>t0.ps'
-rw-rw-r-- 1 zefram zefram 0 Jul 17 00:25  t0.ps
$ touch ' t1.ps'
$ extractres ' t1.ps'
Can't open  t1.ps: No such file or directory at /usr/bin/extractres line 53.
$

These arise from its use of the <> Perl operator, which is not suitable
for the implementation of a read-from-list-of-files kind of command.
Because the range of misbehaviour includes writing to arbitrary files
and running arbitrary commands, this is a more severe bug than normal.

-zefram
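
An added example, not part of the original report and not code from psutils: one way to read a list of files without the magic open that <> performs, using three-argument open so each name is taken literally. The helper name count_lines_literal and the scratch-directory demonstration are assumptions made for illustration; the two filenames are the ones from the report.

```perl
#!/usr/bin/perl
# Added example: read every named file literally, instead of through the
# two-argument open that the <> operator applies to each element of @ARGV.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: read each name as a literal path and return the
# total number of lines seen across all files.
sub count_lines_literal {
    my @names = @_;
    my $lines = 0;
    for my $name (@names) {
        # Three-argument open fixes the mode to '<', so a leading '>', a
        # '|', or leading/trailing whitespace stays part of the filename.
        open(my $fh, '<', $name) or do {
            warn "Can't open $name: $!\n";
            next;
        };
        $lines++ while <$fh>;
        close($fh);
    }
    return $lines;
}

# Constructed demonstration in a scratch directory, so nothing outside it
# is touched. The files are created with three-argument open as well.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
for my $name ('>t0.ps', ' t1.ps') {
    open(my $out, '>', $name) or die "create '$name': $!";
    print {$out} "%!PS-Adobe-3.0\n";
    close($out);
}

my $n = count_lines_literal('>t0.ps', ' t1.ps');
print "lines read: $n\n";

# With the literal open, no stray 't0.ps' appears next to '>t0.ps'.
print "stray t0.ps created: ", (-e 't0.ps' ? "yes" : "no"), "\n";

chdir '/' or die "chdir /: $!";   # leave the scratch dir before cleanup
```

On Perl 5.22 and later, the double-diamond operator <<>> gives the same literal treatment of @ARGV without an explicit loop.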
