==========================================================Ubuntu Security Notice USN-194-1 October 06, 2005
texinfo vulnerability CAN-2005-3011
A security issue affects the following Ubuntu releases:
The problem can be corrected by upgrading the affected package to
version 4.6-1ubuntu1.1 (for Ubuntu 4.10), or 4.7-2.2ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Frank Lichtenheld discovered that the "texindex" program created
temporary files in an insecure manner. This could allow a symlink
attack to create or overwrite arbitrary files with the privileges of
the user running texindex.