[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability

On Thu, 2004-10-28 at 15:58 +0200, Martin Schulze wrote:
> Hash: SHA1
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 575-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> October 28th, 2004                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> Package        : catdoc
> Vulnerability  : insecure temporary file
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CAN-2003-0193
> Debian Bug     : 183525
> A temporary file problem has been discovered in xlsview from the
> catdoc suite, convertors from Word to TeX and plain text, which could
> lead to local users being able to overwrite arbitrary files via a
> symlink attack on predictable temporary file names.
> For the stable distribution (woody) this problem has been fixed in
> version 0.91.5-1.woody3.
> For the unstable distribution (sid) this problem has been fixed in
> version 0.91.5-2.
> We recommend that you upgrade your catdoc package.

                            [ ... ]


I tried to find the package you were reporting about, and I could not
find it anywhere in the Debian repositories:


Actually there is neither an xlsview nor a catdog reference in the
Debian repositories, or that's at least what the Debian packages search
engine makes me believe. Provided I didn't make a mistake ...

The problem above is one I sometimes run into the last time, IIRC, when
trying to read your reports: So this time I thought I 'll write
you ... :)

What I really would need would be understandable information on which
Debian packages are concerned in respect of security issues ... 

Thanks a lot in anticipation for considering the above.

And thanks a lot for countless lots of instances where your work helped
me maintain my OS secure.
Thanks again.

Best Regards
Wolfgang Pfeiffer                           gpg ID: 0AA7E825 
Profile, links: http://profiles.yahoo.com/wolfgangpfeiffer

Reply to: