On Fri, Jul 20, 2007 at 11:38:11AM +0200, Cosimo Alfarano wrote:
>
> On 20 Jul 2007, at 10:45, Zoran Dzelajlija wrote:
> >I can work around this easily by renaming the file ;-), but it
> >could be a security issue in other cases so I'm tagging it as
> >such.
>
> I'll upload a new version, 0.44, for which concern unstable.
> If it is fixed I'll try to backport it in stable, else I'll need to
> contact upstream.
>
> gocr is not run suid, from what I can see it should be a problem only
> in case it's used in a restricted shell or similar.

Thanks. AFAIR it can be/is used in fuzzyocr (a plugin for SpamAssassin),
but have no idea whether the filenames are normalized in SA or fuzzyocr
before invoking gocr.

Zoran