LogoopenSUSE Build Service > Request 245238
Sign Up | Log In

Request 245238 (accepted)

  * Deleted:

Submit package home:sfalken:branches:Publishing / a2ps to package Publishing / a2ps

[-] [+] Changed a2ps.changes

Mentioned Issues (2)

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

There's nothing to be done right now

Request History

Shawn Dunn sfalken created request about 2 years ago
  * Deleted:
Tomáš Chvátal scarabeus_factory Request got declined about 2 years ago
Deleted or removed its the same, but it fails on Factory anyway so I ought to decline.
Dr. Werner Fink WernerFink Request got reviewed about 2 years ago
Sorry but this is a consecutive fault due missing texi2html due broken texinfo package.  Do not decline but revert the broken texinfo package
Tomáš Chvátal scarabeus_factory Request got accepted about 2 years ago
Ah ok, well then I don't see reason why not merge this.

Comments for request 245238 (0)