oss-sec mailing list archives
Re: CVE id request: groff (pdfroff)
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 10 Aug 2009 15:47:43 +0200
On Sun, 9 Aug 2009 15:48:17 +0200 Nico Golde <oss-security+ml () ngolde de> wrote:
First one: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 pdfroff tool of groff is creating files in a insecure manner in the /tmp directory. Second: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 pdfroff tool of groff is calling ghostscript with the -dSAFER command line option.
Looking into groff's NEWS file, pdfroff was added in version 1.19.2, so that may be used as "first affected" in CVE description: http://cvs.savannah.gnu.org/viewvc/groff/groff/NEWS?view=markup -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE id request: groff (pdfroff) Nico Golde (Aug 09)
- Re: CVE id request: groff (pdfroff) Tomas Hoger (Aug 10)
- Re: CVE id request: groff (pdfroff) Solar Designer (Aug 14)
- Re: CVE id request: groff (pdfroff) Nico Golde (Aug 14)
