Your message dated Wed, 02 Dec 2009 04:34:28 +0000
with message-id <e1nfgv6-0001jx...@ries.debian.org>
and subject line Bug#537258: fixed in mathtex 1.03-1
has caused the Debian Bug report #537258,
regarding mathtex: CVE-2009-1383 arbitrary code execution via crafted dpi tag
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
537258: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mathtex
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mathtex.

CVE-2009-1383[0]:
| The getdirective function in mathtex.cgi in mathTeX, when downloaded
| before 20090713, allows remote attackers to execute arbitrary commands
| via shell metacharacters in the dpi tag.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1383
    http://security-tracker.debian.net/tracker/CVE-2009-1383

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
--- Begin Message ---
Source: mathtex
Source-Version: 1.03-1

We believe that the bug you reported is fixed in the latest version of
mathtex, which is due to be installed in the Debian FTP archive:

mathtex_1.03-1.diff.gz
  to main/m/mathtex/mathtex_1.03-1.diff.gz
mathtex_1.03-1.dsc
  to main/m/mathtex/mathtex_1.03-1.dsc
mathtex_1.03-1_i386.deb
  to main/m/mathtex/mathtex_1.03-1_i386.deb
mathtex_1.03.orig.tar.gz
  to main/m/mathtex/mathtex_1.03.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Johan Henriksson <maho...@areta.org> (supplier of updated mathtex package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 29 Nov 2009 20:21:54 +0100
Source: mathtex
Binary: mathtex
Architecture: source i386
Version: 1.03-1
Distribution: unstable
Urgency: high
Maintainer: Johan Henriksson <maho...@areta.org>
Changed-By: Johan Henriksson <maho...@areta.org>
Description: 
 mathtex    - Generate image from LaTeX command
Closes: 520216 535862 537253 537258
Changes: 
 mathtex (1.03-1) unstable; urgency=high
 .
   * New upstream release.
    - Fix "CVE-2009-1383 arbitrary code execution via crafted dpi tag"
      (Closes: #537258)
    - Fix "CVE-2009-2461 CVE-2009-2460 mult. security issues" (Closes: #537253)
   * Fix "manpage inconsistency" (Closes: #535862)
   * Fix "package description" (Closes: #520216)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksV6iEACgkQpdwBkPlyvgNJcACfWZRgKFuuGqr3XmeHjrB788D9
JYAAnjIdUffcqUIwVEJ5A8yAACscvySK
=TLXe
-----END PGP SIGNATURE-----



--- End Message ---