Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for texlive-bin some time ago. CVE-2007-5935[0]: | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive | 2007 and earlier allows user-assisted attackers to execute arbitrary | code via a DVI file with a long href tag. CVE-2007-5936[1]: | dvips in teTeX and TeXlive 2007 and earlier allows local users to | obtain sensitive information and modify certain data by creating | certain temporary files before they are processed by dviljk, which can | then be read or modified in place. CVE-2007-5937[2]: | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive | 2007 and earlier might allow user-assisted attackers to execute | arbitrary code via a crafted DVI input file. Unfortunately the vulnerability described above is not important enough to get it fixed via regular security update in Debian stable. It does not warrant a DSA. However it would be nice if this could get fixed via a regular point update[3]. Please contact the release team for this. This is an automatically generated mail, in case you are already working on an upgrade this is of course pointless. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937 [3] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpo4POrR6agp.pgp
Description: PGP signature