Bug#548633: html2ps: arbitrary file disclosure in ssi directives
Subject: html2ps: arbitrary file disclosure in ssi directives
Package: html2ps
Version: 1.0b5-5
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
arbitrary file disclosure in ssi directives:
o http://www.packetstormsecurity.org/0909-exploits/html2ps-disclose.txt
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages html2ps depends on:
ii libhtml-parser- 3.56-1+b1 A collection of modules that parse
ii libpaper-utils 1.1.23+nmu1 library for handling paper charact
ii libwww-perl 5.813-1 WWW client/server library for Perl
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii perlmagick 7:6.3.7.9.dfsg2-1~lenny3 Perl interface to the libMagick gr
Versions of packages html2ps recommends:
ii ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii gs-gpl 8.62.dfsg.1-3.2lenny1 Transitional package
Versions of packages html2ps suggests:
ii ghostscript [posts 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
-- no debconf information
Reply to: