* Martin Schulze wrote: > -------------------------------------------------------------------------- > Debian Security Advisory DSA 945-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > January 17th, 2006 http://www.debian.org/security/faq > -------------------------------------------------------------------------- > > Package : antiword > Vulnerability : insecure temporary file > Problem type : local > Debian-specific: no > CVE ID : CVE-2005-3126 > > Javier Fernández-Sanguino Peña from the Debian Security Audit project > discovered that two scripts in antiword, utilities to convert Word > files to text and Postscript, create a temporary file in an insecure > fashion. > > For the old stable distribution (woody) these problems have been fixed in > version 0.32-2woody0.
I have reported this problem on Tue, 16 Nov 2004, bug ID #281656. As the qouting of $out_file and $err_file is still insufficient, the fix solves #281656 only partially. Stefan Wiens
