-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 5 May 2006 17:09:48 +0200 Source: pstotext Binary: pstotext Architecture: source i386 Version: 1.9-3 Distribution: unstable Urgency: high Maintainer: J.H.M. Dassen (Ray) <jdassen@debian.org> Changed-By: J.H.M. Dassen (Ray) <jdassen@debian.org> Description: pstotext - Extract text from PostScript and PDF files Closes: 356988 Changes: pstotext (1.9-3) unstable; urgency=high . * [main.c] Security fix. popen(3) was being used in a construct which could did not perform sufficient cleanup/quoting of filenames; these filenames could come from untrusted sources like a web indexing service and could thus be misused to execute shell code as the user running pstotext. The use of popen(3) has been replaced by an explicit fork/pipe construct which does not involve the use of a shell. (Closes: #356988) * [debian/control] Change the non-virtual package suggestion for the dependency on the "gs" virtual package to gs-gpl as gs-aladdin has become a transitional package. * [debian/control] Updated Standards-Version. Files: 1a601f83c3461e09af5d08546fe73424 554 text optional pstotext_1.9-3.dsc 537914be4b8e09203b0020262be4404e 9045 text optional pstotext_1.9-3.diff.gz 4c3447207f721bcde1afe116ce1f89f4 32604 text optional pstotext_1.9-3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEW24TIwmOUm50p9ERAnb9AKCh/djALjSnFy+jGRPtROC4U7hVHwCg6VRP jMAzbBlAmSkZZMORwk/DZX4= =VIKG -----END PGP SIGNATURE----- Accepted: pstotext_1.9-3.diff.gz to pool/main/p/pstotext/pstotext_1.9-3.diff.gz pstotext_1.9-3.dsc to pool/main/p/pstotext/pstotext_1.9-3.dsc pstotext_1.9-3_i386.deb to pool/main/p/pstotext/pstotext_1.9-3_i386.deb
