dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
bugs.gentoo.org/attachment.cgi?id=135423
bugs.gentoo.org/show_bug.cgi?id=198238
lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
osvdb.org/42238
secunia.com/advisories/27672
secunia.com/advisories/27686
secunia.com/advisories/27718
secunia.com/advisories/27743
secunia.com/advisories/27967
secunia.com/advisories/28107
secunia.com/advisories/28412
secunia.com/advisories/30168
security.gentoo.org/glsa/glsa-200711-26.xml
security.gentoo.org/glsa/glsa-200711-34.xml
security.gentoo.org/glsa/glsa-200805-13.xml
wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
www.mandriva.com/security/advisories?name=MDKSA-2007:230
www.securityfocus.com/archive/1/487984/100/0/threaded
www.securityfocus.com/bid/26469
www.securitytracker.com/id?1019058
www.vupen.com/english/advisories/2007/3896
bugzilla.redhat.com/show_bug.cgi?id=368611
issues.rpath.com/browse/RPL-1928
usn.ubuntu.com/554-1/
www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html