From DSA 945-1: Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in antiword, utilities to convert Word files to text and Postscript, create a temporary file in an insecure fashion. 0.36.1 is affected as well, and the relevant parts of the patch below should apply. http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1.diff.gz
Seemant, please provide an updated ebuild.
Created attachment 77417 (updated ebuild): updated ebuild -- see distfiles in /space/distfiles-local on toucan
Sune: there it is.
Actually, it's committed into cvs. Please test and mark stable as appropriate.
Arches, please test and mark stable. Target KEYWORDS="alpha amd64 ~hppa ppc ~ppc-macos ppc64 sparc x86"
ppc stable
stable on ppc64
sparc stable.
Stable on x86
amd64 stable
alpha stable. Sorry about the delay :(
glsa vote for this one, tend to say yes.
Background: only the wrapper script to make drag and drop work for KDE1 users is affected, i.e. if you use antiword from the command line or in KDE3, you're safe. So, as very few users are likely to be affected, I would vote NO.
Correcting my vote to a no and closing the bug as fixed with no glsa. As always, feel free to reopen if you disagree.