Package: texlive-extra-utils Version: 2011.20120322-1 Severity: important File: /usr/bin/latex2man Tags: security The latex2man utility generates predictable filenames in /tmp: | $tmp = "/tmp/$CMD.$$"; For the issue to be exploitable the program must be invoked with either the -H or the -T option. An attacker can use a symbolic link to redirect the writes to an arbitrary file owned by the invoking user. Helmut