Candidate: CVE-2009-5081
PublicDate: 2011-06-30 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5081
Description:
 The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3)
 contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and
 earlier use an insufficient number of X characters in the template argument
 to the tempfile function, which makes it easier for local users to
 overwrite arbitrary files via a symlink attack on a temporary file, a
 different vulnerability than CVE-2004-0969.
Ubuntu-Description:
Notes:
 jdstrand> only exloitable in the build
 jdstrand> Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_groff:
upstream_groff: needs-triage
hardy_groff: ignored
lucid_groff: ignored
maverick_groff: ignored
natty_groff: ignored
oneiric_groff: ignored
devel_groff: ignored