-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>> https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5
>> * Mon Feb 12 2001 Tim Waugh
>> - Fix tmpfile security patch so that it actually _works_ (bug #27155).
>> And notes
>> http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5
>
> * Fri Jan 05 2001 Preston Brown
> - security patch for tmpfile creation from Olaf Kirch
>
> followed the next month by a fix to that patch:
>
> * Mon Feb 12 2001 Tim Waugh
> - Fix tmpfi
Hello,
Jakub Wilk found that a2ps, a tool to convert text and other types of
files to PostScript, insecurely used a temporary file in spy_user(). A
local attacker could use this flaw to perform a symbolic link attack to
modify an arbitrary file accessible to the user running a2ps:
http://bugs.deb
3 matches
Mail list logo
