PublicDate: 2007-12-15 01:46:00 UTC
Candidate: CVE-2007-6358
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358
 https://ubuntu.com/security/notices/USN-563-1
Description:
 pdftops.pl before 1.20 in alternate pdftops filter allows local users to
 overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp
 temporary file, which is created when pdftops reads a PDF file from stdin,
 such as when pdftops is invoked by CUPS.
Ubuntu-Description:
Notes:
 jdstrand> from Debian:
   NOTE: the debian package is a bit confusing here as it also ships a pdftops
   NOTE: wrapper script as an example but the original script is installed
   NOTE: under /usr/lib/cups/filters
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456960
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 
upstream_cupsys: released (1.3.5-1)
dapper_cupsys: released (1.2.2-0ubuntu0.6.06.6)
edgy_cupsys: released (1.2.4-2ubuntu3.2)
feisty_cupsys: released (1.2.8-0ubuntu8.2)
gutsy_cupsys: released (1.3.2-1ubuntu7.3)
devel_cupsys: not-affected