Package: pidgin-latex
Version: 1.4.4-1
Severity: normal
Tags: upstream

Serious Security issue, where it was possible to get into makeatletter-mode, 
although it was blacklisted, giving any attacker able to send a message
over a messenger network to a user effective access to that user's
local system account.

The root cause of the problem is insufficient validation of LaTeX code
in the function 'gboolean is_blacklisted' in LaTeX.c in pidgin-latex.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_PE.UTF-8, LC_CTYPE=es_PE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pidgin-latex depends on:
ii  dvipng              1.14-1+b1
ii  libc6               2.13-30
ii  libglib2.0-0        2.32.0-4
ii  libpurple0          2.10.6-1
ii  pidgin              2.10.6-1
ii  texlive-latex-base  2012.20120611-3

pidgin-latex recommends no packages.

pidgin-latex suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to