Package: pdf2djvu
Package: didjvu
Tags: security upstream fixed-upstream
Forwarded: https://bitbucket.org/jwilk/pdf2djvu/issue/103
If background of a page is solid but not white, pdf2djvu does the
following to create the background layer:
creates a unique temporary file directly in /tmp (or in $TMPDIR)
passes name of this file to c44(1) as the output file name
Unfortunately, c44 deletes the output file, and then creates a new one
under the same name (without O_EXCL). This opens a race window, during
which malicious local user could create their own file under this name.
This bug was fixed upstream in pdf2djvu 0.7.21:
https://bitbucket.org/jwilk/pdf2djvu/commits/62c3c48098d6
CVE request:
http://www.openwall.com/lists/oss-security/2015/05/09/7
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org