Subject: Re: GLSA: groff (fwd)
To: Ed Ravin <eravin@panix.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 10/21/2002 15:39:49
On Mon, 21 Oct 2002, Ed Ravin wrote:

> > Remote exploitation may be possible if lpd is running and is accessible
> > remotely, and the attacker knows the name of the printer and spoolfile.

The Gentoo announcement doesn't really say what the bug is.

I believe this is the same:

NetBSD Security Advisory 2002-022: buffer overrun in pic(1)

NetBSD had some fixed on September 28 :)

It looks like pkgsrc/textproc/groff/ needs to be updated though.

   Jeremy C. Reed
   http://bsd.reedmedia.net/