Re: [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability
On Thu, 2004-10-28 at 19:32 +0200, Wolfgang Pfeiffer wrote:
> On Thu, 2004-10-28 at 15:58 +0200, Martin Schulze wrote:
> > A temporary file problem has been discovered in xlsview from the
> > catdoc suite, convertors from Word to TeX and plain text, which could
> > lead to local users being able to overwrite arbitrary files via a
> > symlink attack on predictable temporary file names.
> > We recommend that you upgrade your catdoc package.
> I tried to find the package you were reporting about, and I could not
> find it anywhere in the Debian repositories:
Not altogether surprising if that's the search you tried.
> Actually there is neither an xlsview nor a catdog reference in the
> Debian repositories, or that's at least what the Debian packages search
> engine makes me believe. Provided I didn't make a mistake ...
You did indeed make a mistake. The advisory isn't related to a package
called "catdo*g*". catdoc, otoh, exists in stable, testing and unstable.