3 matches found
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1220-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26th, 2006 http://www.debian.org/security/faq -...
CVE-2006-5869
CVE-2006-5869 affects pstotext, a Postscript/PDF text extractor. The root cause is insufficient quoting of file names, enabling user-assisted arbitrary shell command execution via shell metacharacters in a file name. Debian DSA-1220-1 fixes this in pstotext 1.9-1sarge2 (Sarge) and 1.9-4 (Etch/Sid...
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1220-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26th, 2006 http://www.debian.org/security/faq -...