[ubuntu/hardy-security] texlive-bin_2007.dfsg.1-2ubuntu0.1_lpia_translations.tar.gz, texlive-bin_2007.dfsg.1-2ubuntu0.1_ia64_translations.tar.gz, texlive-bin_2007.dfsg.1-2ubuntu0.1_powerpc_translations.tar.gz, texlive-bin_2007.dfsg.1-2ubuntu0.1_amd64_translations.tar.gz, texlive-bin_2007.dfsg.1-2ubuntu0.1_sparc_translations.tar.gz (delayed), texlive-bin, texlive-bin_2007.dfsg.1-2ubuntu0.1_hppa_translations.tar.gz, texlive-bin_2007.dfsg.1-2ubuntu0.1_i386_translations.tar.gz 2007.dfsg.1-2ubuntu0.1 (Accepted)

[Ubuntu Installer]

texlive-bin (2007.dfsg.1-2ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via buffer overflow
    - debian/patches/security-CVE-2009-1284.patch: check for pool overflow
      in build/source/texk/web2c/bibtex.ch.
    - CVE-2009-1284
  * SECURITY UPDATE: arbitrary code execution via memory corruption
    (LP: #537103)
    - debian/patches/security-CVE-2010-0827.patch: make sure name isn't
      too long in build/source/texk/dvipsk/virtualfont.c.
    - CVE-2010-0827
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/security-CVE-2010-0739,1440.patch: make sure numbytes
      doesn't overflow in build/source/texk/dvipsk/dospecial.c.
    - CVE-2010-0739
    - CVE-2010-1440

Date: Mon, 03 May 2010 09:17:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/texlive-bin/2007.dfsg.1-2ubuntu0.1
-------------- next part --------------
Format: 1.7
Date: Mon, 03 May 2010 09:17:58 -0400
Source: texlive-bin
Binary: texlive-base-bin texlive-extra-utils texlive-font-utils texlive-metapost texlive-omega texlive-xetex texlive-music texlive-lang-indic libkpathsea4 libkpathsea-dev texlive-metapost-doc texlive-base-bin-doc
Architecture: source
Version: 2007.dfsg.1-2ubuntu0.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea4 - TeX Live: path search library for TeX (runtime part)
 texlive-base-bin - TeX Live: Essential binaries
 texlive-base-bin-doc - TeX Live: Documentation files for texlive-base-bin
 texlive-extra-utils - TeX Live: TeX auxiliary programs
 texlive-font-utils - TeX Live: TeX font-related programs
 texlive-lang-indic - TeX Live: Indic
 texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
 texlive-metapost-doc - TeX Live: Documentation files for texlive-metapost
 texlive-music - TeX Live: Music typesetting
 texlive-omega - TeX Live: Omega
 texlive-xetex - TeX Live: XeTeX macros
Launchpad-Bugs-Fixed: 537103
Changes: 
 texlive-bin (2007.dfsg.1-2ubuntu0.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via buffer overflow
     - debian/patches/security-CVE-2009-1284.patch: check for pool overflow
       in build/source/texk/web2c/bibtex.ch.
     - CVE-2009-1284
   * SECURITY UPDATE: arbitrary code execution via memory corruption
     (LP: #537103)
     - debian/patches/security-CVE-2010-0827.patch: make sure name isn't
       too long in build/source/texk/dvipsk/virtualfont.c.
     - CVE-2010-0827
   * SECURITY UPDATE: arbitrary code execution via integer overflow
     - debian/patches/security-CVE-2010-0739,1440.patch: make sure numbytes
       doesn't overflow in build/source/texk/dvipsk/dospecial.c.
     - CVE-2010-0739
     - CVE-2010-1440
Files: 
 c99680c940f5ce0a8a637f923958b5e0 1324 tex optional texlive-bin_2007.dfsg.1-2ubuntu0.1.dsc
 57916604c614689a01685a191e88258e 232440 tex optional texlive-bin_2007.dfsg.1-2ubuntu0.1.diff.gz
Original-Maintainer: Debian TeX Maintainers <debian-tex-maint at lists.debian.org>