Re: [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability
On Thu, 2004-10-28 at 15:58 +0200, Martin Schulze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 575-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> October 28th, 2004 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : catdoc
> Vulnerability : insecure temporary file
> Problem-Type : local
> Debian-specific: no
> CVE ID : CAN-2003-0193
> Debian Bug : 183525
>
> A temporary file problem has been discovered in xlsview from the
> catdoc suite, convertors from Word to TeX and plain text, which could
> lead to local users being able to overwrite arbitrary files via a
> symlink attack on predictable temporary file names.
>
> For the stable distribution (woody) this problem has been fixed in
> version 0.91.5-1.woody3.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 0.91.5-2.
>
> We recommend that you upgrade your catdoc package.
[ ... ]
Hi
I tried to find the package you were reporting about, and I could not
find it anywhere in the Debian repositories:
<http://packages.debian.org/cgi-bin/search_packages.pl?version=all&subword=1&exact=&arch=any&releases=all&case=insensitive&keywords=catdog&searchon=all>
Actually there is neither an xlsview nor a catdog reference in the
Debian repositories, or that's at least what the Debian packages search
engine makes me believe. Provided I didn't make a mistake ...
The problem above is one I sometimes run into the last time, IIRC, when
trying to read your reports: So this time I thought I'll write
you ... :)
What I really would need would be understandable information on which
Debian packages are concerned in respect of security issues ...
Thanks a lot in anticipation for considering the above.
And thanks a lot for countless lots of instances where your work helped
me maintain my OS secure.
Thanks again.
Best Regards
Wolfgang
--
Wolfgang Pfeiffer gpg ID: 0AA7E825
Profile, links: http://profiles.yahoo.com/wolfgangpfeiffer