Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Oct 2012 06:49:41 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: coley@...us.mitre.org
CC: oss-security@...ts.openwall.com
Subject: CVE Request: html2ps

Hello,

I don't believe a CVE was ever assigned to this html2ps flaw in 2009:

Directory traversal vulnerability in html2ps before 1.0b7 allows remote
attackers to read arbitrary files via directory traversal sequences in
SSI directives

See:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633
https://bugzilla.redhat.com/show_bug.cgi?id=526513
http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html

Thanks,

Marc.



-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.