Your message dated Thu, 17 Dec 2009 00:17:00 +0000
with message-id <[email protected]>
and subject line Bug#537254: fixed in mimetex 1.50-1+lenny1
has caused the Debian Bug report #537254,
regarding mimetex: CVE-2009-2459 CVE-2009-1382 multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
537254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537254
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mimetex
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mimetex.
CVE-2009-2459[0]:
| Multiple unspecified vulnerabilities in mimeTeX, when downloaded
| before 20090713, have unknown impact and attack vectors related to the
| (1) \environ, (2) \input, and (3) \counter TeX directives.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
There is a new upstream release which fixes these issues.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2459
http://security-tracker.debian.net/tracker/CVE-2009-2459
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgpu9nmnlQ1V4.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: mimetex
Source-Version: 1.50-1+lenny1
We believe that the bug you reported is fixed in the latest version of
mimetex, which is due to be installed in the Debian FTP archive:
mimetex_1.50-1+lenny1.diff.gz
to main/m/mimetex/mimetex_1.50-1+lenny1.diff.gz
mimetex_1.50-1+lenny1.dsc
to main/m/mimetex/mimetex_1.50-1+lenny1.dsc
mimetex_1.50-1+lenny1_i386.deb
to main/m/mimetex/mimetex_1.50-1+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated mimetex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Oct 2009 14:13:29 +0200
Source: mimetex
Binary: mimetex
Architecture: source i386
Version: 1.50-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Isaac Clerencia <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
mimetex - LaTeX math expressions to anti-aliased GIF images converter
Closes: 537254
Changes:
mimetex (1.50-1+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mimetex.c: replace strcpy with strninit macro that uses strncpy, adjust
some buffer sizes. (CVE-2009-1382)
* mimetex.c: disable input and counter tags. (CVE-2009-2459)
Thanks to Marc Deslauriers (Closes: 537254)
Checksums-Sha1:
da5a050738098884af4897166b9a21c54b36e7a6 972 mimetex_1.50-1+lenny1.dsc
2cfdeaee2b40ee2c89f06fc238d9b8bcf5f76dfe 5306 mimetex_1.50-1+lenny1.diff.gz
2d4b0f0943940b834696b89a83bf6d0c789d4b72 143488 mimetex_1.50-1+lenny1_i386.deb
Checksums-Sha256:
c09d71501b76d6441aec91bc1fcf5329249ef5043c118176e0a082e182a4b38f 972
mimetex_1.50-1+lenny1.dsc
e7d6275d09a30583db671dcbb4d85dc22d8445ec8a1227f076f7138d6e34ccab 5306
mimetex_1.50-1+lenny1.diff.gz
23ca1c28f4877a358b1ab72718993600f5b5952a9270ffbd19459fc423e9296c 143488
mimetex_1.50-1+lenny1_i386.deb
Files:
b35272972081323cbf35a3e98aec93b9 972 utils optional mimetex_1.50-1+lenny1.dsc
30ed565a964a379fd1759ae60f817e4b 5306 utils optional
mimetex_1.50-1+lenny1.diff.gz
3f803042c9fe34f886dfa425fc0dff29 143488 utils optional
mimetex_1.50-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrRzTMACgkQNxpp46476arDWwCfQvLN/416ik/WGVY5kYybN2FQ
vecAn3DDmlrFNiW+YNX1+ucxVKdIdy9y
=z3RB
-----END PGP SIGNATURE-----
--- End Message ---
