Date: Fri, 05 Oct 2012 06:49:41 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: coley@...us.mitre.org CC: oss-security@...ts.openwall.com Subject: CVE Request: html2ps Hello, I don't believe a CVE was ever assigned to this html2ps flaw in 2009: Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633 https://bugzilla.redhat.com/show_bug.cgi?id=526513 http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.