pkgsrc-changes: CVS commit: pkgsrc/textproc/antiword

Subject: CVS commit: pkgsrc/textproc/antiword
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 01/23/2006 14:23:56

Module Name:	pkgsrc
Committed By:	salo
Date:		Mon Jan 23 14:23:56 UTC 2006

Modified Files:
	pkgsrc/textproc/antiword: Makefile distinfo
Added Files:
	pkgsrc/textproc/antiword/patches: patch-ab

Log Message:
Security fix for CVE-2005-3126:

"The kantiword script in antiword allow local users to overwrite arbitrary
files via a symlink attack on temporary output and error files."

Replace the naive mktemp usage with something that actually works.


To generate a diff of this commit:
cvs rdiff -r1.17 -r1.18 pkgsrc/textproc/antiword/Makefile
cvs rdiff -r1.16 -r1.17 pkgsrc/textproc/antiword/distinfo
cvs rdiff -r0 -r1.11 pkgsrc/textproc/antiword/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.