if it is not know problem, thiery, please can you create new man package? new version fixes security bug:
----- Forwarded message from Jack Lloyd <[EMAIL PROTECTED]> ----- > Date: Tue, 11 Mar 2003 13:24:01 -0500 (EST) > From: Jack Lloyd <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Vulnerability in man < 1.5l > Organization: JHU ACM/CS/SRL > > man 1.5l was released today, fixing a bug which results in arbitrary code > execution upon reading a specially formatted man file. The basic problem > is, upon finding a string with a quoting problem, the function my_xsprintf > in util.c will return "unsafe" (rather than returning a string which could > be interpreted by the shell). This return value is passed directly to > system(3) - meaning if there is any program named `unsafe`, it will execute > with the privs of the user. > [del] ----- End forwarded message -----
pgp00000.pgp
Description: PGP signature
