-------------------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2007-3308 2007-11-15 03:31:51.672187 -------------------------------------------------------------------------------- Name : tetex Product : Fedora 8 Version : 3.0 Release : 44.2.fc8 URL : http://www.tug.org/teTeX/ Summary : The TeX text formatting system. Description : TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. The output format needn't to be DVI, but also PDF, when using pdflatex or similar tools. Install tetex if you want to use the TeX text formatting system. Consider to install tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX). Unless you are an expert at using TeX, you should also install the tetex-doc package, which includes the documentation for TeX. -------------------------------------------------------------------------------- Update Information: - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591) - fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641) -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 13 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 3.0-44.2 - fix dvips -z buffer overflow with long href (#368591) - fix insecure usage of temporary file in dviljk (#368611, #368641) * Thu Nov 8 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 3.0-44.1 - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - remove links to buildroot from installed files - fix BuildRoot * Tue Oct 16 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 3.0-44 - xdvi won't segfault if DVI file contains character which is not present in font (#243630) - enable compilation with ccache * Thu Aug 23 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 3.0-43 - update License - rebuild for BuildID * Fri Aug 10 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 3.0-42 - backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248194) -------------------------------------------------------------------------------- References: [ 1 ] Bug #352271 - CVE-2007-4033 t1lib font filename string overflow https://bugzilla.redhat.com/show_bug.cgi?id=352271 [ 2 ] Bug #345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar() https://bugzilla.redhat.com/show_bug.cgi?id=345121 [ 3 ] Bug #368591 - CVE-2007-5935 dvips -z buffer overflow with long href https://bugzilla.redhat.com/show_bug.cgi?id=368591 [ 4 ] Bug #368611 - CVE-2007-5936 dviljk uses insecure temporary file https://bugzilla.redhat.com/show_bug.cgi?id=368611 [ 5 ] Bug #368641 - CVE-2007-5937 Multiple dviljk buffer overflows https://bugzilla.redhat.com/show_bug.cgi?id=368641 [ 6 ] Bug #379861 - Multiple tetex vulnerabilities [f8] https://bugzilla.redhat.com/show_bug.cgi?id=379861 -------------------------------------------------------------------------------- Updated packages: f92988b13f15d47a0770d9abb45da467d0bfddf2 tetex-afm-3.0-44.2.fc8.ppc64.rpm 86f6e1e9d0a53ab34a09a920f18054444bbc0dd3 tetex-3.0-44.2.fc8.ppc64.rpm 7ad7eb0a97bbf9457872cc94b33356b2236fad12 tetex-debuginfo-3.0-44.2.fc8.ppc64.rpm 2d612643a58fdfc09e1511bcf986ee8eccebdf46 tetex-fonts-3.0-44.2.fc8.ppc64.rpm d1024b94894f79f869d253a0c67073d03df63c3c tetex-dvips-3.0-44.2.fc8.ppc64.rpm 36c146e28b2cab7c778d322cbcd2d047622672fa tetex-latex-3.0-44.2.fc8.ppc64.rpm 59b3fdb247e4fc71802261c58adcad86d79a1636 tetex-doc-3.0-44.2.fc8.ppc64.rpm 9901b13d60b9a766b6f11cc1bebb859475600cc2 tetex-xdvi-3.0-44.2.fc8.ppc64.rpm 487914830dcf50c6b93d453695b18d59a3985998 tetex-doc-3.0-44.2.fc8.i386.rpm 1230f7e9b83f5b4fdc130473169084fa25f3df63 tetex-xdvi-3.0-44.2.fc8.i386.rpm 56b56ecc328ae90f0f53a70dddc139645f1eacc4 tetex-dvips-3.0-44.2.fc8.i386.rpm 5b1a63d9f0951ad3c64e1860f6a4d71a8c82021d tetex-latex-3.0-44.2.fc8.i386.rpm a86e2b81edd7ea11e2a7121e64f3e37305864c4f tetex-debuginfo-3.0-44.2.fc8.i386.rpm 94fde6981a45bfe043e18c1f3d8c3e3bd10294c0 tetex-3.0-44.2.fc8.i386.rpm 02ce6e6cc0276dd30ee1774b9fe126a9ba56f5f0 tetex-afm-3.0-44.2.fc8.i386.rpm b0559fb3c89cc49806d615932fa35471db7ee43b tetex-fonts-3.0-44.2.fc8.i386.rpm 4f1d6fd11d5f54651cad932d9bf970f95c56568f tetex-xdvi-3.0-44.2.fc8.x86_64.rpm f3f5fc53e998260f5dec7ed72b80c4c09dd75fc5 tetex-latex-3.0-44.2.fc8.x86_64.rpm 6ffd983f50093a0f8d53ff860da0a1c0e509a52a tetex-dvips-3.0-44.2.fc8.x86_64.rpm b6ac0bed35f794b4fc79009a41555fef42872615 tetex-fonts-3.0-44.2.fc8.x86_64.rpm 5087358217545ffc160e36740bb9eb05a2d8afe9 tetex-afm-3.0-44.2.fc8.x86_64.rpm 52f7ba73bc6688922df8e2bd15265291a963bc6b tetex-3.0-44.2.fc8.x86_64.rpm b1478125af344e58cbed8e0bd53bf4af5354d43f tetex-debuginfo-3.0-44.2.fc8.x86_64.rpm dd8ca271c64159c407cdb2b40de187618a1e14a2 tetex-doc-3.0-44.2.fc8.x86_64.rpm fcf45aff385bbf83214618693940cad0c59dd590 tetex-dvips-3.0-44.2.fc8.ppc.rpm da158cb1c8a5ed5f3113e0324443a57347f97a6f tetex-3.0-44.2.fc8.ppc.rpm d0c0b13e4e92ee0f583edd55bcd76e421fea9b80 tetex-doc-3.0-44.2.fc8.ppc.rpm a4476bfc669b196b03ff6eee65428d58206b8476 tetex-fonts-3.0-44.2.fc8.ppc.rpm ab1d65d5822eddbfa84518c93a0a91b54765c277 tetex-afm-3.0-44.2.fc8.ppc.rpm 1d3e8a14eff32355ef4c6585be2d870096c44f25 tetex-debuginfo-3.0-44.2.fc8.ppc.rpm f42ed9530724f7ea7c29dc760830aef66e114309 tetex-latex-3.0-44.2.fc8.ppc.rpm 0ddb0d4b0c12296147d75c020db4a31a20ff3f7d tetex-xdvi-3.0-44.2.fc8.ppc.rpm 31032b7bec309d980cdf3a2b692fd14efa484b70 tetex-3.0-44.2.fc8.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum --enablerepo=updates-testing update tetex' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. -------------------------------------------------------------------------------- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list