Bug#909317: texlive-bin: buffer overflow (DSA-4299-1)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#909317: texlive-bin: buffer overflow (DSA-4299-1)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 21 Sep 2018 16:46:37 +0200
Message-id: <[🔎] 153754119734.20955.2718783231635427379.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 909317@bugs.debian.org

Source: texlive-bin
Version: 2016.20160513.41080.dfsg-2
Severity: grave
Tags: patch security upstream fixed-upstream
Control: fixed -1 2016.20160513.41080.dfsg-2+deb9u1
Control: fixed -1 2018.20180907.48586-2

Filling for tracking of the issue fixed in DSA-4299-1, CVE assignment
is pending.

Nick Roessler from the University of Pennsylvania has found a buffer overflow
in texlive-bin, the executables for TexLive, the popular distribution of TeX
document production system.

This buffer overflow can be used for arbitrary code execution by crafting a
special type1 font (.pfb) and provide it to users running pdf(la)tex, dvips or
luatex in a way that the font is loaded.

https://lists.debian.org/debian-security-announce/2018/msg00230.html

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: texlive-bin: buffer overflow (DSA-4299-1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: texlive-bin_2016.20160513.41080.dfsg-2+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new
Next by Date: Processed: texlive-bin: buffer overflow (DSA-4299-1)
Previous by thread: texlive-bin_2016.20160513.41080.dfsg-2+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new
Next by thread: Processed: texlive-bin: buffer overflow (DSA-4299-1)
Index(es):
- Date
- Thread