(Please CC me on your replies)

Hello,

I noticed a (fairly recent) CVE against one of my packages (docvert):

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5147

I'm not exactly sure how one would exploit this given that the affected script
literally consists of:

  cat /var/www/docvert/doc/sample/sample-document.doc | /var/www/docvert/core/lib/pyodconverter/pyodconverter2.py --stream > /tmp/outer.odt

(see http://git.debian.org/?p=collab-maint/docvert.git;a=blob;f=core/lib/pyodconverter/test-pipe-to-pyodconverter.org.sh;hb=master)

I was wondering if you think it's worth issuing a security advisory for.

I will remove that (unused) script from the next upload of the package.

Cheers,
Francois

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
