Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: html2ps
From: Moritz Muehlenhoff <jmm () debian org>
Date: Sun, 7 Oct 2012 11:29:48 +0200

On Fri, Oct 05, 2012 at 12:43:55PM -0600, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/05/2012 04:49 AM, Marc Deslauriers wrote:
Hello,

I don't believe a CVE was ever assigned to this html2ps flaw in
2009:

Directory traversal vulnerability in html2ps before 1.0b7 allows
remote attackers to read arbitrary files via directory traversal
sequences in SSI directives

See:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633 
https://bugzilla.redhat.com/show_bug.cgi?id=526513 
http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html

 Thanks,

Marc.

Please use CVE-2009-5067 for this issue.

BTW if anyone wants to go through the Red Hat Bugzilla and make sure
all the security have CVE's assigned feel free to contact me and I can
let you know the easiest way to get the data/check it =).

Likewise for the Debian Security Tracker:
http://security-tracker.debian.org/tracker/data/fake-names contains
a list of all tracked issues without a CVE reference (most of this
is historic, of course)

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]