Your message dated Sat, 24 Oct 2009 19:58:53 +0000
with message-id <e1n1mlj-0005vy...@ries.debian.org>
and subject line Bug#537254: fixed in mimetex 1.50-1+etch1
has caused the Debian Bug report #537254,
regarding mimetex: CVE-2009-2459 CVE-2009-1382 multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
537254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mimetex
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mimetex.
CVE-2009-2459[0]:
| Multiple unspecified vulnerabilities in mimeTeX, when downloaded
| before 20090713, have unknown impact and attack vectors related to the
| (1) \environ, (2) \input, and (3) \counter TeX directives.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
There is a new upstream release which fixes these issues.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2459
http://security-tracker.debian.net/tracker/CVE-2009-2459
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgpt5VTCZBg39.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: mimetex
Source-Version: 1.50-1+etch1
We believe that the bug you reported is fixed in the latest version of
mimetex, which is due to be installed in the Debian FTP archive:
mimetex_1.50-1+etch1.diff.gz
to pool/main/m/mimetex/mimetex_1.50-1+etch1.diff.gz
mimetex_1.50-1+etch1.dsc
to pool/main/m/mimetex/mimetex_1.50-1+etch1.dsc
mimetex_1.50-1+etch1_i386.deb
to pool/main/m/mimetex/mimetex_1.50-1+etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated mimetex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 11 Oct 2009 10:34:30 +0200
Source: mimetex
Binary: mimetex
Architecture: source i386
Version: 1.50-1+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Isaac Clerencia <is...@sindominio.net>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
mimetex - LaTeX math expressions to anti-aliased GIF images converter
Closes: 537254
Changes:
mimetex (1.50-1+etch1) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mimetex.c: replace strcpy with strninit macro that uses strncpy, adjust
some buffer sizes. (CVE-2009-1382)
* mimetex.c: disable input and counter tags. (CVE-2009-2459)
Thanks to Marc Deslauriers (Closes: 537254)
Files:
4c4ac225a147438ea1bb7be1b0f65019 584 utils optional mimetex_1.50-1+etch1.dsc
cdda954fc3a436daa8345ecbfdb084c3 401817 utils optional mimetex_1.50.orig.tar.gz
5d3a2a06fecf83d573c8cbb9c778ddf0 5318 utils optional
mimetex_1.50-1+etch1.diff.gz
55db42c430e79ebd525679d72c8556f8 143668 utils optional
mimetex_1.50-1+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrRmqkACgkQNxpp46476arm6QCeL3N/iQdVBlYHWUhMJpMVJVHa
XM8AoIRd+fH6WUArfpY01TFFMbCRgW2Z
=NTna
-----END PGP SIGNATURE-----
--- End Message ---
