oss-sec mailing list archives

Re: CVE Request: html2ps


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 05 Oct 2012 12:43:55 -0600

On 10/05/2012 04:49 AM, Marc Deslauriers wrote:
> Hello,
>
> I don't believe a CVE was ever assigned to this html2ps flaw in
> 2009:
>
> Directory traversal vulnerability in html2ps before 1.0b7 allows
> remote attackers to read arbitrary files via directory traversal
> sequences in SSI directives
>
> See:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633
> https://bugzilla.redhat.com/show_bug.cgi?id=526513
> http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html
>
> Thanks,
>
> Marc.

Please use CVE-2009-5067 for this issue.

BTW if anyone wants to go through the Red Hat Bugzilla and make sure
all the security have CVE's assigned feel free to contact me and I can
let you know the easiest way to get the data/check it =).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
