COMMAND

    htdig

SYSTEMS AFFECTED

    Debian GNU/Linux 2.1

PROBLEM

    Following is based  on Debian Security  Advisory.  The  version of
    htdig that was shipped in Debian GNU/Linux 2.1 has a problem  with
    calling external programs to  handle non-HTML documents: it  calls
    the external program  with the document  as a parameter,  but does
    not check for  shell escapes.   This can be  exploited by creating
    files with filenames that  include shell escapes to  run arbitraty
    commands on the machine that runs htdig.

SOLUTION

    This has been fixed in version 3.1.2-4slink6.