[SECURITY] Fedora 8 Test Update: tetex-3.0-44.2.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 15 03:32:22 UTC 2007 

--------------------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-3308
2007-11-15 03:31:51.672187
--------------------------------------------------------------------------------

Name        : tetex
Product     : Fedora 8
Version     : 3.0
Release     : 44.2.fc8
URL         : http://www.tug.org/teTeX/
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly. The output format needn't to be DVI, but also PDF,
when using pdflatex or similar tools.

Install tetex if you want to use the TeX text formatting system. Consider
to install tetex-latex (a higher level formatting package which provides
an easier-to-use interface for TeX). Unless you are an expert at using TeX,
you should also install the tetex-doc package, which includes the
documentation for TeX.

--------------------------------------------------------------------------------
Update Information:

- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591)
- fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 13 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44.2
- fix dvips -z buffer overflow with long href (#368591)
- fix insecure usage of temporary file in dviljk (#368611, #368641)
* Thu Nov  8 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44.1
- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- remove links to buildroot from installed files
- fix BuildRoot
* Tue Oct 16 2007 Jindrich Novy <jnovy at redhat.com> 3.0-44
- xdvi won't segfault if DVI file contains character which
  is not present in font (#243630)
- enable compilation with ccache
* Thu Aug 23 2007 Jindrich Novy <jnovy at redhat.com> 3.0-43
- update License
- rebuild for BuildID
* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-42
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248194)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #352271 - CVE-2007-4033 t1lib font filename string overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=352271
  [ 2 ] Bug #345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
        https://bugzilla.redhat.com/show_bug.cgi?id=345121
  [ 3 ] Bug #368591 - CVE-2007-5935 dvips -z buffer overflow with long href
        https://bugzilla.redhat.com/show_bug.cgi?id=368591
  [ 4 ] Bug #368611 - CVE-2007-5936 dviljk uses insecure temporary file
        https://bugzilla.redhat.com/show_bug.cgi?id=368611
  [ 5 ] Bug #368641 - CVE-2007-5937 Multiple dviljk buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=368641
  [ 6 ] Bug #379861 - Multiple tetex vulnerabilities [f8]
        https://bugzilla.redhat.com/show_bug.cgi?id=379861
--------------------------------------------------------------------------------
Updated packages:

f92988b13f15d47a0770d9abb45da467d0bfddf2 tetex-afm-3.0-44.2.fc8.ppc64.rpm
86f6e1e9d0a53ab34a09a920f18054444bbc0dd3 tetex-3.0-44.2.fc8.ppc64.rpm
7ad7eb0a97bbf9457872cc94b33356b2236fad12 tetex-debuginfo-3.0-44.2.fc8.ppc64.rpm
2d612643a58fdfc09e1511bcf986ee8eccebdf46 tetex-fonts-3.0-44.2.fc8.ppc64.rpm
d1024b94894f79f869d253a0c67073d03df63c3c tetex-dvips-3.0-44.2.fc8.ppc64.rpm
36c146e28b2cab7c778d322cbcd2d047622672fa tetex-latex-3.0-44.2.fc8.ppc64.rpm
59b3fdb247e4fc71802261c58adcad86d79a1636 tetex-doc-3.0-44.2.fc8.ppc64.rpm
9901b13d60b9a766b6f11cc1bebb859475600cc2 tetex-xdvi-3.0-44.2.fc8.ppc64.rpm
487914830dcf50c6b93d453695b18d59a3985998 tetex-doc-3.0-44.2.fc8.i386.rpm
1230f7e9b83f5b4fdc130473169084fa25f3df63 tetex-xdvi-3.0-44.2.fc8.i386.rpm
56b56ecc328ae90f0f53a70dddc139645f1eacc4 tetex-dvips-3.0-44.2.fc8.i386.rpm
5b1a63d9f0951ad3c64e1860f6a4d71a8c82021d tetex-latex-3.0-44.2.fc8.i386.rpm
a86e2b81edd7ea11e2a7121e64f3e37305864c4f tetex-debuginfo-3.0-44.2.fc8.i386.rpm
94fde6981a45bfe043e18c1f3d8c3e3bd10294c0 tetex-3.0-44.2.fc8.i386.rpm
02ce6e6cc0276dd30ee1774b9fe126a9ba56f5f0 tetex-afm-3.0-44.2.fc8.i386.rpm
b0559fb3c89cc49806d615932fa35471db7ee43b tetex-fonts-3.0-44.2.fc8.i386.rpm
4f1d6fd11d5f54651cad932d9bf970f95c56568f tetex-xdvi-3.0-44.2.fc8.x86_64.rpm
f3f5fc53e998260f5dec7ed72b80c4c09dd75fc5 tetex-latex-3.0-44.2.fc8.x86_64.rpm
6ffd983f50093a0f8d53ff860da0a1c0e509a52a tetex-dvips-3.0-44.2.fc8.x86_64.rpm
b6ac0bed35f794b4fc79009a41555fef42872615 tetex-fonts-3.0-44.2.fc8.x86_64.rpm
5087358217545ffc160e36740bb9eb05a2d8afe9 tetex-afm-3.0-44.2.fc8.x86_64.rpm
52f7ba73bc6688922df8e2bd15265291a963bc6b tetex-3.0-44.2.fc8.x86_64.rpm
b1478125af344e58cbed8e0bd53bf4af5354d43f tetex-debuginfo-3.0-44.2.fc8.x86_64.rpm
dd8ca271c64159c407cdb2b40de187618a1e14a2 tetex-doc-3.0-44.2.fc8.x86_64.rpm
fcf45aff385bbf83214618693940cad0c59dd590 tetex-dvips-3.0-44.2.fc8.ppc.rpm
da158cb1c8a5ed5f3113e0324443a57347f97a6f tetex-3.0-44.2.fc8.ppc.rpm
d0c0b13e4e92ee0f583edd55bcd76e421fea9b80 tetex-doc-3.0-44.2.fc8.ppc.rpm
a4476bfc669b196b03ff6eee65428d58206b8476 tetex-fonts-3.0-44.2.fc8.ppc.rpm
ab1d65d5822eddbfa84518c93a0a91b54765c277 tetex-afm-3.0-44.2.fc8.ppc.rpm
1d3e8a14eff32355ef4c6585be2d870096c44f25 tetex-debuginfo-3.0-44.2.fc8.ppc.rpm
f42ed9530724f7ea7c29dc760830aef66e114309 tetex-latex-3.0-44.2.fc8.ppc.rpm
0ddb0d4b0c12296147d75c020db4a31a20ff3f7d tetex-xdvi-3.0-44.2.fc8.ppc.rpm
31032b7bec309d980cdf3a2b692fd14efa484b70 tetex-3.0-44.2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum --enablerepo=updates-testing update tetex' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the fedora-test-list mailing list