CVE-2004-1377

Name	CVE-2004-1377
Description	The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	286385, 286387

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
a2ps (PTS)	bullseye	1:4.14-7	fixed
	bookworm	1:4.14-8	fixed
	trixie	1:4.15.6-1	fixed
	forky, sid	1:4.15.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
a2ps	source	(unstable)	1:4.13b-4.3			286385, 286387