From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1Dxp2d-0005zH-T1
	for garchives@archives.gentoo.org; Wed, 27 Jul 2005 16:46:00 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j6RGj3aH014715;
	Wed, 27 Jul 2005 16:45:03 GMT
Received: from skinny.southernlinux.net (ns2.rednecks.net [64.192.52.5])
	by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j6RGh1se015412
	for <gentoo-dev@lists.gentoo.org>; Wed, 27 Jul 2005 16:43:02 GMT
Received: (qmail 7785 invoked by uid 210); 27 Jul 2005 12:41:05 -0400
Received: from 10.10.10.188 by skinny (envelope-from <solar@gentoo.org>, uid 201) with qmail-scanner-1.25st 
 (clamdscan: 0.82/993. f-prot: 4.4.2/3.14.11. spamassassin: 3.0.2. perlscan: 1.25st.  
 Clear:RC:1(10.10.10.188):. 
 Processed in 0.089591 secs); 27 Jul 2005 16:41:05 -0000
Received: from unknown (HELO ?10.10.10.188?) (10.10.10.188)
  by 0 with SMTP; 27 Jul 2005 12:41:04 -0400
Subject: Re: [gentoo-dev] app-text/pstotext in danger of becoming security
	masked
From: Ned Ludd <solar@gentoo.org>
To: gentoo-dev@lists.gentoo.org
In-Reply-To: <42E75275.5040200@gentoo.org>
References: <42E75275.5040200@gentoo.org>
Content-Type: text/plain
Date: Wed, 27 Jul 2005 12:39:28 -0400
Message-Id: <1122482368.13892.28.camel@localhost>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.2.1.1 
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 24be3d78-5010-4c6d-8b42-3868a834d8cd
X-Archives-Hash: a4edf2e40ff33dc16495241ef082cc25

On Wed, 2005-07-27 at 11:23 +0200, Stefan Cornelius wrote:
> app-text/pstotext has a serious remote vulnerability that allows to
> execute arbitrary commands on a vulnerable system.  It appears to be
> unmaintained at the moment.
> 
> If anyone out there is able to take this on and patch it (honestly,
> patch is small), that would be much appreciated, the bug number is
> 100245.  Otherwise, it's our intent to security mask the package in the
> next 24 hours.

fixed

> 
> Thanks in advance,
> Stefan
-- 
Ned Ludd <solar@gentoo.org>

-- 
gentoo-dev@gentoo.org mailing list