Hi,
This bug also affects Google Go. There's even a thread on it:
http://groups.google.com/group/golang-nuts/browse_thread/thread/8fbca530e835a9ce
--
Grzegorz Żur
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
Package: cups-pdf
Version: 2.4.2-1
Severity: critical
Justification: root security hole
Tags: security
Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read
parts of any file. End of file is printed by Ghostscript in error report.
Execution of this command as unprivileged user
Volker Christian Behr wrote:
I am the CUPS-PDF developer. Though I am not using Debian I am quite
confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS
v1.2.x environments (so unprivileged users should not even be able to
execute it). Furthermore CUPS-PDF is explicitely not
3 matches
Mail list logo
