aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2004-12-31 01:55:08 +0800
committersimon <simon@FreeBSD.org>2004-12-31 01:55:08 +0800
commita6a61cead7eb72c836c4f743aeb1d4e8ccb10c88 (patch)
tree96ba0ea2cd5c9c0d6d38a78ed6acc3c60321caa4
parent6ba40cfacc287ffd021a13e663564a5428e0658b (diff)
downloadfreebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.tar.gz
freebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.tar.zst
freebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.zip
Document insecure temporary file creation in a2ps.
-rw-r--r--security/vuxml/vuln.xml29
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 25572f601fa6..d8a6a9119246 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,35 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9168253c-5a6d-11d9-a9e7-0001020eed82">
+ <topic>a2ps -- insecure temporary file creation</topic>
+ <affects>
+ <package>
+ <name>a2ps-a4</name>
+ <name>a2ps-letter</name>
+ <name>a2ps-letterdj</name>
+ <range><lt>4.13b_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Secunia Security Advisory reports that Javier
+ Fern&#225;ndez-Sanguino Pe&#241;a has found temporary file
+ creation vulnerabilities in the fixps and psmandup scripts
+ which are part of a2ps. These vulnerabilities could lead to
+ an attacker overwriting arbitrary files with the credentials
+ of the user running the vulnerable scripts.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/13641/</url>
+ </references>
+ <dates>
+ <discovery>2004-12-27</discovery>
+ <entry>2004-12-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="64c8cc2a-59b1-11d9-8a99-000c6e8f12ef">
<topic>libxine -- buffer-overflow vulnerability in aiff support</topic>
<affects>