On Sun, Aug 28, 2011 at 12:16:49PM -0400, Michael Gilbert wrote:
> On Sun, 28 Aug 2011 16:44:48 +0100 Jonathan Wiltshire wrote:
> I'll get this done when I get a chance. Once these are prepared will you be
> willing to sponsor the upload? I'm just a lowly DM right now.
Yes, please upload to ment
On Sun, 28 Aug 2011 16:44:48 +0100 Jonathan Wiltshire wrote:
> Package: xpdf
> Followup-For: Bug #635849
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Dear maintainer,
>
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not s
Package: xpdf
Followup-For: Bug #635849
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixi
Vincent Lefevre wrote:
> One can even execute commands up to 3 characters! e.g.
Oh, I see. I also just realized that the single-letter file name to delete can
be *
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...
On 2011-07-28 23:51:02 -0400, Chung-chieh Shan wrote:
> Using a crafted .pdf.gz file name (which could be sent from a Web
> server to a browser, for example), xpdf can be fooled into deleting an
> unrelated file as long as its name is a single letter.
One can even execute commands up to 3 characte
Package: xpdf
Version: 3.02-18
Severity: critical
Justification: causes serious data loss
Using a crafted .pdf.gz file name (which could be sent from a Web
server to a browser, for example), xpdf can be fooled into deleting an
unrelated file as long as its name is a single letter.
$ touch y
6 matches
Mail list logo
