https://bugzilla.novell.com/show_bug.cgi?id=459031 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=459031#c3 --- Comment #3 from Marcus Meissner <meissner@novell.com> 2009-01-07 13:20:41 MST --- from oss-sec: Martin Väth also discovered an untrusted search path vulnerability in the pdfjam scripts: They prepend . to PATH, allowing attackers to execute code by preparing executables (e.g. sed) in the directory pdfnup was run from or in /var/tmp (e.g. pdflatex, cp, rm). Martin also prepared a patch, see: https://bugs.gentoo.org/show_bug.cgi?id=252734 Please assign another CVE for this issue. Robert -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.