Comment 0 for bug 11320

Javier Fernández-Sanguino (jfs) wrote:

Package: groff
Version: 1.18.1.1-3
Priority: important
Tags: security

The eqn2graph script does not protect itself from temporary filename
attacks since it creates files in an insecure manner (the process PID
is not sufficient to avoid an attack) and does not check
if the temporary files it uses exist before using them.

The attached patch fixes this behaviour.

Regards

Javier

PS: I initially reported this to the security team back in June,
but have not found time to follow up on this issue until today.
Security team, please check
Resent-Message-ID: <email address hidden>
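
The weak pattern this report describes, shown beside a hardened form. This is an added example, not the attached patch and not groff's own code. The function names and the `eqn2graph-$$.tmp` file name are assumptions, and the pre-existing symlink is constructed inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration; unsafe_tmp, safe_tmpdir and demo are hypothetical names.

# Weak pattern: the file name depends only on the PID, so it is predictable,
# and the redirection follows whatever already exists at that path.
unsafe_tmp() {
    base=$1
    f="$base/eqn2graph-$$.tmp"      # assumed name, built from the PID only
    echo "data" > "$f"              # follows a pre-existing symlink
    printf '%s\n' "$f"
}

# Hardened pattern: mktemp -d creates a new directory with an unpredictable
# name, accessible to the owner only, and fails rather than reuse a path.
safe_tmpdir() {
    base=$1
    d=$(mktemp -d "$base/eqn2graph.XXXXXXXXXX") || return 1
    printf '%s\n' "$d"
}

# Constructed scenario: a symlink already sits at the predictable name.
# Prints the content of the link target after each variant has run.
demo() {
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXXXX") || return 1
    echo "original" > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/eqn2graph-$$.tmp"

    unsafe_tmp "$sandbox" > /dev/null
    unsafe_result=$(cat "$sandbox/victim")   # link target was overwritten

    echo "original" > "$sandbox/victim"
    d=$(safe_tmpdir "$sandbox") || return 1
    echo "data" > "$d/out.tmp"               # written inside the private dir
    safe_result=$(cat "$sandbox/victim")     # link target left untouched

    rm -rf "$sandbox"
    printf '%s %s\n' "$unsafe_result" "$safe_result"
}
# demo   -> prints "data original"
```

A script that uses `safe_tmpdir` should also remove the directory on exit, for example with a `trap` on `EXIT`.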