tags 356988 security
thanks
Hi security team,
this bug wasn't tagged security, so I don't know whether you are aware
of it. I think a DSA might be appropriate.
Cheers,
Stefan
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, Mar 21, 2006 at 11:46:10 +1100, Brian May wrote:
> I noticed your patch to this problem, so I decided to review it.
Thanks.
> It looks good to me. Other solutions are also possible, but your
> solution looks better.
>
> However, I notice the cleanup() routine still calls pclose(...). Thi
Hello,
I noticed your patch to this problem, so I decided to review it.
It looks good to me. Other solutions are also possible, but your
solution looks better.
However, I notice the cleanup() routine still calls pclose(...). This
has me puzzled because no errors are generated, so maybe the clean
On Wed, Mar 15, 2006 at 16:58:10 +1100, Brian May wrote:
> This could be a security issue, if you can run pstotext with an arbitrary
> filename (eg. via swish++ running on some untrusted source).
pstotext currently popen(3)s a command containing a filename supplied by its
caller. The only way to s
Package: pstotext
Version: 1.9-1sarge1
Severity: grave
Justification: user security hole
[EMAIL PROTECTED]:/tmp/deleteme$ pstotext "a'b.ps"
sh: -c: line 1: unexpected EOF while looking for matching `''
sh: -c: line 2: syntax error: unexpected end of file
[EMAIL PROTECTED]:/tmp/deleteme$ mv "a'b.ps
5 matches
Mail list logo
