> We, tetex maintainers of Debian, got the bug which said
> that teTeX 2.0 included dvipdfm but a wrapper script
> dvipdft was missing (in the teTeX 2.0 source tree).

When I added dvipdfm to teTeX, I have looked at the dvipdft and found
that it writes to /tmp in an insecure way. Then, just before making the
teTeX-2.0 release, I have forgotten that item...

> Apparently, dvipdft was referenced in a manual page of dvipdfm.
> Is there any chance that dvipdft will be included in teTeX?

Yes, but not the original script. It needs to be fixed for security.


Reply via email to