Your message dated Sat, 10 Oct 2009 11:02:17 +0000
with message-id <e1mwzil-0004fj...@ries.debian.org>
and subject line Bug#537254: fixed in mimetex 1.50-1.1
has caused the Debian Bug report #537254,
regarding mimetex: CVE-2009-2459 CVE-2009-1382 multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
537254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mimetex
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mimetex.
CVE-2009-2459[0]:
| Multiple unspecified vulnerabilities in mimeTeX, when downloaded
| before 20090713, have unknown impact and attack vectors related to the
| (1) \environ, (2) \input, and (3) \counter TeX directives.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
There is a new upstream release which fixes these issues.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2459
http://security-tracker.debian.net/tracker/CVE-2009-2459
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: mimetex
Source-Version: 1.50-1.1
We believe that the bug you reported is fixed in the latest version of
mimetex, which is due to be installed in the Debian FTP archive:
mimetex_1.50-1.1.diff.gz
to pool/main/m/mimetex/mimetex_1.50-1.1.diff.gz
mimetex_1.50-1.1.dsc
to pool/main/m/mimetex/mimetex_1.50-1.1.dsc
mimetex_1.50-1.1_i386.deb
to pool/main/m/mimetex/mimetex_1.50-1.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated mimetex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 10 Oct 2009 12:26:58 +0200
Source: mimetex
Binary: mimetex
Architecture: source i386
Version: 1.50-1.1
Distribution: unstable
Urgency: high
Maintainer: Isaac Clerencia <is...@sindominio.net>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
mimetex - LaTeX math expressions to anti-aliased GIF images converter
Closes: 537254
Changes:
mimetex (1.50-1.1) unstable; urgency=high
.
* Non-maintainer upload by the testing Security Team.
* mimetex.c: replace strcpy with strninit macro that uses strncpy, adjust
some buffer sizes. (CVE-2009-1382)
* mimetex.c: disable input and counter tags. (CVE-2009-2459)
Thanks to Marc Deslauriers (Closes: 537254)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrQZDoACgkQNxpp46476aqJqQCgghLh1FQDsDaBTvz3gk3H977a
1jEAnR6HaU9dpx/INca3ioKoswu6G/OS
=uDE9
-----END PGP SIGNATURE-----
--- End Message ---
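The changelog above describes the CVE-2009-1382 fix as replacing strcpy with a macro built on strncpy. The following C sketch is an added example, not code from mimeTeX or from the Debian patch: it shows why strncpy alone can leave a buffer unterminated and how a bounded copy can terminate explicitly and report truncation. The names copy_bounded, TOKEN_MAX, token and LONG_EXPR are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 16   /* constructed buffer size, not a mimeTeX constant */

/* Constructed sample input: an expression longer than the buffer. */
static const char LONG_EXPR[] = "\\frac{a+b+c+d+e+f}{g+h+i+j}";

/* File-scope destination buffer so the result can be inspected. */
static char token[TOKEN_MAX];

/* Hypothetical helper (not mimeTeX's strninit): copy at most dstsize-1
 * bytes of src into dst and always NUL-terminate.
 * Returns 1 if src was truncated, 0 if it fit, -1 on invalid arguments. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return 0;
    strncpy(dst, src, dstsize - 1);  /* writes no NUL if src is too long */
    dst[dstsize - 1] = '\0';         /* so terminate explicitly */
    return strlen(src) >= dstsize;
}

/* Shows why swapping strcpy for a bare strncpy is not enough: when src
 * has at least sizeof buf bytes, strncpy fills the buffer and writes no
 * terminator. Returns 1 if the buffer ended up without a NUL byte. */
static int strncpy_alone_unterminated(const char *src)
{
    char buf[TOKEN_MAX];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    int truncated = copy_bounded(token, sizeof token, LONG_EXPR);
    printf("bare strncpy left buffer unterminated: %d\n",
           strncpy_alone_unterminated(LONG_EXPR));
    printf("bounded copy: \"%s\" (truncated=%d)\n", token, truncated);
    return 0;
}
```

A caller should treat a return value of 1 as a rejected or shortened expression rather than silently rendering the truncated text.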