diff options
author | simon <simon@FreeBSD.org> | 2004-12-31 01:55:08 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2004-12-31 01:55:08 +0800 |
commit | a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88 (patch) | |
tree | 96ba0ea2cd5c9c0d6d38a78ed6acc3c60321caa4 | |
parent | 6ba40cfacc287ffd021a13e663564a5428e0658b (diff) | |
download | freebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.tar.gz freebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.tar.zst freebsd-ports-gnome-a6a61cead7eb72c836c4f743aeb1d4e8ccb10c88.zip |
Document insecure temporary file creation in a2ps.
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 25572f601fa6..d8a6a9119246 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,35 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9168253c-5a6d-11d9-a9e7-0001020eed82"> + <topic>a2ps -- insecure temporary file creation</topic> + <affects> + <package> + <name>a2ps-a4</name> + <name>a2ps-letter</name> + <name>a2ps-letterdj</name> + <range><lt>4.13b_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Security Advisory reports that Javier + Fernández-Sanguino Peña has found temporary file + creation vulnerabilities in the fixps and psmandup scripts + which are part of a2ps. These vulnerabilities could lead to + an attacker overwriting arbitrary files with the credentials + of the user running the vulnerable scripts.</p> + </body> + </description> + <references> + <url>http://secunia.com/advisories/13641/</url> + </references> + <dates> + <discovery>2004-12-27</discovery> + <entry>2004-12-30</entry> + </dates> + </vuln> + <vuln vid="64c8cc2a-59b1-11d9-8a99-000c6e8f12ef"> <topic>libxine -- buffer-overflow vulnerability in aiff support</topic> <affects> |