On Tue Sep 09, 2014 at 12:52:38 +0300, Henri Salo wrote:
> Have you requested CVE already? If you want I can verify this issue and create
> the request.

I have not; the lack of update to the bug report made it slip my mind.
If you'd like to confirm the issues, which shouldn't be hard, and
r
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security

xcfa contains several insecure uses of temporary files.
For example the file src/get_info.c has code to test that
curl is present, in the function GetInfo_wget which
essentially runs:
wget --user-agent=\"Mozilla 22.0\" --
Package: lives
Version: 1.6.2
Severity: important
Tags: security

lives contains a Perl script, smogrify, which is what does
a lot of the work.
I don't want to point out line-by-line all the issues in the
smogrify script, but please consider significantly overhauling it.
There are numerous inse