[Bug 537103] Re: dvips Memory Corruption vulnerability

Launchpad Bug Tracker Thu, 06 May 2010 06:16:26 -0700

This bug was fixed in the package texlive-bin - 2009-5ubuntu0.1

---------------
texlive-bin (2009-5ubuntu0.1) lucid-security; urgency=low


  * SECURITY UPDATE: arbitrary code execution via memory corruption
    (LP: #537103)
    - debian/patches/security-CVE-2010-0827.patch: make sure name isn't
      too long in texk/dvipsk/virtualfont.c.
    - CVE-2010-0827
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/security-CVE-2010-0739,1440.patch: make sure numbytes
      doesn't overflow in texk/dvipsk/dospecial.c.
    - CVE-2010-0739
    - CVE-2010-1440
 -- Marc Deslauriers <[email protected]>   Mon, 03 May 2010 09:05:31 
-0400

** Changed in: texlive-bin (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0739

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1440

-- 
dvips Memory Corruption vulnerability
https://bugs.launchpad.net/bugs/537103
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 537103] Re: dvips Memory Corruption vulnerability

Reply via email to