Package: pidgin-latex Version: 1.4.4-1 Severity: normal Tags: upstream Serious Security issue, where it was possible to get into makeatletter-mode, although it was blacklisted, giving any attacker able to send a message over a messenger network to a user effective access to that user's local system account.
The root cause of the problem is insufficient validation of LaTeX code in the function 'gboolean is_blacklisted' in LaTeX.c in pidgin-latex. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=es_PE.UTF-8, LC_CTYPE=es_PE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pidgin-latex depends on: ii dvipng 1.14-1+b1 ii libc6 2.13-30 ii libglib2.0-0 2.32.0-4 ii libpurple0 2.10.6-1 ii pidgin 2.10.6-1 ii texlive-latex-base 2012.20120611-3 pidgin-latex recommends no packages. pidgin-latex suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

