-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 08 Dec 2007 19:13:43 +0000
Source: texlive-bin
Binary: texlive-extra-utils libkpathsea-dev libkpathsea4 texlive-xetex texlive-lang-indic texlive-omega texlive-font-utils texlive-metapost texlive-base-bin texlive-music
Architecture: source i386
Version: 2007-14+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description:
libkpathsea-dev - TeX Live: path search library for TeX (development part)
libkpathsea4 - TeX Live: path search library for TeX (runtime part)
texlive-base-bin - TeX Live: Essential binaries
texlive-extra-utils - TeX Live: TeX auxiliary programs
texlive-font-utils - TeX Live: TeX font-related programs
texlive-lang-indic - TeX Live: Indic
texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
texlive-music - TeX Live: Music typesetting
texlive-omega - TeX Live: Omega
texlive-xetex - TeX Live: XeTeX macros
Changes:
texlive-bin (2007-14+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix stack based buffer overflow in hpc.c to prevent user-assisted
attackers to execute arbitrary code via a DVI file with a long href
tag
Fixes: CVE-2007-5935
Files:
240123bbe8dcb518137199e53e404b4a 1166 tex optional texlive-bin_2007-14+lenny1.dsc
11427cda2c5612464e5459b2c7d2b5b6 70676090 tex optional texlive-bin_2007.orig.tar.gz
2ffae60e4d5203a4a71eae5887680326 218114 tex optional texlive-bin_2007-14+lenny1.diff.gz
b0d6b2331a976caccc6c8eae3f84dbc2 10973232 tex optional texlive-base-bin_2007-14+lenny1_i386.deb
6f75e7961eedbc677948232e72c22d60 572438 tex optional texlive-extra-utils_2007-14+lenny1_i386.deb
d4a808ed97860f2f675004f8bde6fa69 970140 tex optional texlive-font-utils_2007-14+lenny1_i386.deb
73c4149fd298d306508b962e16b92de7 7318756 tex optional texlive-metapost_2007-14+lenny1_i386.deb
d804c81707be1558117d4df51710b2b6 2712064 tex optional texlive-omega_2007-14+lenny1_i386.deb
25769e7b72edd946ed054d6c28c724d0 6367542 tex optional texlive-xetex_2007-14+lenny1_i386.deb
d974604c41b9d55ffcb3582b880948fb 1716660 tex optional texlive-music_2007-14+lenny1_i386.deb
e1a6c97b0c546f58190ade5dab8ccd4b 6720870 tex optional texlive-lang-indic_2007-14+lenny1_i386.deb
aa89109b0d623be4298eed412a034b07 113148 libs optional libkpathsea4_2007-14+lenny1_i386.deb
081bcbce716cb602745b5ec9dc516a01 151304 libdevel optional libkpathsea-dev_2007-14+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHWvmz62zWxYk/rQcRAtbsAKDB4ZHOEbOj71XWYLN4Qh1/MIejNQCgnekT
Obq+p3kAYkURkUr9GIVRoL0=
=um14
-----END PGP SIGNATURE-----
Accepted:
libkpathsea-dev_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/libkpathsea-dev_2007-14+lenny1_i386.deb
libkpathsea4_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/libkpathsea4_2007-14+lenny1_i386.deb
texlive-base-bin_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-base-bin_2007-14+lenny1_i386.deb
texlive-bin_2007-14+lenny1.diff.gz
to pool/main/t/texlive-bin/texlive-bin_2007-14+lenny1.diff.gz
texlive-bin_2007-14+lenny1.dsc
to pool/main/t/texlive-bin/texlive-bin_2007-14+lenny1.dsc
texlive-extra-utils_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-extra-utils_2007-14+lenny1_i386.deb
texlive-font-utils_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-font-utils_2007-14+lenny1_i386.deb
texlive-lang-indic_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-lang-indic_2007-14+lenny1_i386.deb
texlive-metapost_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-metapost_2007-14+lenny1_i386.deb
texlive-music_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-music_2007-14+lenny1_i386.deb
texlive-omega_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-omega_2007-14+lenny1_i386.deb
texlive-xetex_2007-14+lenny1_i386.deb
to pool/main/t/texlive-bin/texlive-xetex_2007-14+lenny1_i386.deb
