The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
A patch is available here:
@ Maintainer(s): Upstream didn't work on the project since 2007. So let's add Debian's patch to get rid of this vulnerability. I prepared https://github.com/gentoo/gentoo/pull/3579 -- Please comment/approve/decline.
Approved and applied. Thanks!
Author: Matthias Maier <email@example.com>
Date: Mon Jan 23 21:06:31 2017 -0600
app-text/a2ps: drop vulnerable, bug #507024
Package-Manager: Portage-2.3.0, Repoman-2.3.1
Author: Thomas Deutschmann <firstname.lastname@example.org>
Date: Sat Jan 21 17:28:53 2017 +0100
app-text/a2ps: Add patch for CVE-2001-1593 (bug #507024)
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Signed-off-by: Matthias Maier <email@example.com>
@arches, please stabilize.
Stable for HPPA PPC64.
Stable on alpha.
arm stable, all arches done.
@maintainer(s), please clean the vulnerable version.
GLSA Vote: No
Repository is clean, all done.