Subject: Re: GLSA: groff (fwd)
To: Ed Ravin <firstname.lastname@example.org>
From: Jeremy C. Reed <email@example.com>
Date: 10/21/2002 15:39:49
On Mon, 21 Oct 2002, Ed Ravin wrote:
> > Remote exploitation may be possible if lpd is running and is accessible
> > remotely, and the attacker knows the name of the printer and spoolfile.
The Gentoo announcement doesn't really say what the bug is.
I believe this is the same:
NetBSD Security Advisory 2002-022: buffer overrun in pic(1)
NetBSD had some fixed on September 28 :)
It looks like pkgsrc/textproc/groff/ needs to be updated though.
Jeremy C. Reed