Re: [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability



On Thu, 2004-10-28 at 19:32 +0200, Wolfgang Pfeiffer wrote:
> On Thu, 2004-10-28 at 15:58 +0200, Martin Schulze wrote:
[...]
> > A temporary file problem has been discovered in xlsview from the
> > catdoc suite, convertors from Word to TeX and plain text, which could
> > lead to local users being able to overwrite arbitrary files via a
> > symlink attack on predictable temporary file names.
> > [...]
> > We recommend that you upgrade your catdoc package.
[...]
> I tried to find the package you were reporting about, and I could not
> find it anywhere in the Debian repositories:
> 
> <http://packages.debian.org/cgi-bin/search_packages.pl?version=all&subword=1&exact=&arch=any&releases=all&case=insensitive&keywords=catdog&searchon=all>

Not altogether surprising if that's the search you tried.

> Actually there is neither an xlsview nor a catdog reference in the
> Debian repositories, or that's at least what the Debian packages search
> engine makes me believe. Provided I didn't make a mistake ...

You did indeed make a mistake. The advisory isn't related to a package
called "catdo*g*". catdoc, otoh, exists in stable, testing and unstable.

Regards,

Adam


