Subject: pkg/18522: gv has security issue
To: None <>
From: None <>
List: netbsd-bugs
Date: 10/03/2002 09:49:37
>Number:         18522
>Category:       pkg
>Synopsis:       gv can execute arbitary shell commands
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 03 09:51:02 PDT 2002
>Release:        NetBSD 1.6
System: NetBSD 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 i386
Architecture: i386
Machine: i386
I read a few security advisories that say that a filename
could contain a malicious filename that can be executed by system().
cp some.pdf to "xxx & echo hello & xxx"
gv "xxx & echo hello & xxx"
The advisory at
contains a suggested patch.
Please consider adding patch for pkgsrc/print/gv
and add to packages vulnerabilitie list.