noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | noweb | < 2.10c-3.2 | noweb_2.10c-3.2_all.deb |
Debian | 11 | all | noweb | < 2.10c-3.2 | noweb_2.10c-3.2_all.deb |
Debian | 10 | all | noweb | < 2.10c-3.2 | noweb_2.10c-3.2_all.deb |
Debian | 999 | all | noweb | < 2.10c-3.2 | noweb_2.10c-3.2_all.deb |
Debian | 13 | all | noweb | < 2.10c-3.2 | noweb_2.10c-3.2_all.deb |