Subject: html2ps: arbitrary file disclosure in ssi directives Package: html2ps Version: 1.0b5-5 Severity: grave Justification: user security hole Tags: security
*** Please type your report below this line *** arbitrary file disclosure in ssi directives: o http://www.packetstormsecurity.org/0909-exploits/html2ps-disclose.txt -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages html2ps depends on: ii libhtml-parser- 3.56-1+b1 A collection of modules that parse ii libpaper-utils 1.1.23+nmu1 library for handling paper charact ii libwww-perl 5.813-1 WWW client/server library for Perl ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction ii perlmagick 7:6.3.7.9.dfsg2-1~lenny3 Perl interface to the libMagick gr Versions of packages html2ps recommends: ii ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF ii gs-gpl 8.62.dfsg.1-3.2lenny1 Transitional package Versions of packages html2ps suggests: ii ghostscript [posts 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
