Change log for tetex-bin package in Ubuntu
1 → 30 of 30 results | First • Previous • Next • Last |
tetex-bin (3.0-27ubuntu1.2) feisty-security; urgency=low * SECURITY UPDATE: improper bounds on static buffer results in stack-based buffer overflow * debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated enough memory in texk/dvipsk/hps.c * SECURITY UPDATE: temporary file race condition in dviljk due to use of tmpnam() * SECURITY UPDATE: various buffer overflows in dviljk due to not checking memory boundaries * debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if available in dvi2xx.c. Replace calls to strcpy() and do proper bounds checking in dvi2xx.*. * Modify Maintainer value to match the DebianMaintainerField specification. * debian/control: Build-Depends on libcairo2-dev * References CVE-2007-5935 CVE-2007-5936 CVE-2007-5937 -- Jamie Strandboge <email address hidden> Tue, 4 Dec 2007 10:53:07 -0500
tetex-bin (3.0-17ubuntu2.1) edgy-security; urgency=low * SECURITY UPDATE: improper bounds on static buffer results in stack-based buffer overflow * debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated enough memory in texk/dvipsk/hps.c * SECURITY UPDATE: temporary file race condition in dviljk due to use of tmpnam() * SECURITY UPDATE: various buffer overflows in dviljk due to not checking memory boundaries * debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if available in dvi2xx.c. Replace calls to strcpy() and do proper bounds checking in dvi2xx.*. * References CVE-2007-5935 CVE-2007-5936 CVE-2007-5937 -- Jamie Strandboge <email address hidden> Tue, 4 Dec 2007 14:05:54 -0500
tetex-bin (3.0-13ubuntu6.1) dapper-security; urgency=low * SECURITY UPDATE: improper bounds on static buffer results in stack-based buffer overflow * debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated enough memory in texk/dvipsk/hps.c * SECURITY UPDATE: temporary file race condition in dviljk due to use of tmpnam() * SECURITY UPDATE: various buffer overflows in dviljk due to not checking memory boundaries * debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if available in dvi2xx.c. Replace calls to strcpy() and do proper bounds checking in dvi2xx.*. * References CVE-2007-5935 CVE-2007-5936 CVE-2007-5937 -- Jamie Strandboge <email address hidden> Tue, 4 Dec 2007 13:57:25 -0500
Obsolete in breezy-security |
tetex-bin (2.0.2-30ubuntu3.6) breezy-security; urgency=low * SECURITY UPDATE: Endless loop in embedded xpdf code. * Add debian/patches/patch-CVE-2007-0104: upstream fixes from koffice. * References CVE-2007-0104 -- Kees Cook <email address hidden> Wed, 24 Jan 2007 16:51:28 -0800
tetex-bin (3.0-27ubuntu1) feisty; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - debian/patches/patch-poppler: Ported to poppler 0.5.1 API. - debian/patches/patch-dvipdfm-timezones: Fix dvipdfm crash in certain time zones.
Superseded in feisty-release |
tetex-bin (3.0-24ubuntu2) feisty; urgency=low * Add debian/patches/patch-dvipdfm-timezones: - Fix dvipdfm crash in certain time zones. - Thanks to Alex Murray for digging out the patch! - Closes: LP#66474 -- Martin Pitt <email address hidden> Fri, 15 Dec 2006 18:05:19 +0100
Superseded in feisty-release |
tetex-bin (3.0-24ubuntu1) feisty; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - debian/patches/patch-poppler: Ported to poppler 0.5.1 API.
Superseded in feisty-release |
tetex-bin (3.0-23ubuntu1) feisty; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - debian/patches/patch-poppler: Ported to poppler 0.5.1 API.
tetex-bin (3.0-17ubuntu2) edgy; urgency=low * No-change upload to build against current Poppler. This resolves the 'undefined symbol: _ZN4Dict3addERK10UGooStringP6Object' pdfetex failure (which breaks texinfo, which in turn causes various FTBFSes). -- Martin Pitt <email address hidden> Thu, 12 Oct 2006 17:10:33 +0200
Superseded in edgy-release |
tetex-bin (3.0-17ubuntu1) edgy; urgency=low * Synchronize to Debian, Ubuntu changes left: - debian/patches/patch-poppler: Ported to poppler 0.5.1 API. - debian/postinst.functions: Fix regular expression.
tetex-bin (3.0-13ubuntu6) dapper; urgency=low * No-change upload to build against the current poppler library (which changed API a bit due to the last bug fix). Closes: LP#42075 -- Martin Pitt <email address hidden> Mon, 29 May 2006 15:02:01 +0200
Superseded in breezy-security |
tetex-bin (2.0.2-30ubuntu3.5) breezy-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2006-1244: - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows. - Upstream patch from Derek Noonburg. * CVE-2006-1244 -- Martin Pitt <email address hidden> Wed, 12 Apr 2006 09:02:04 +0000
Obsolete in hoary-security |
tetex-bin (2.0.2-25ubuntu0.5) hoary-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2006-1244: - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows. - Upstream patch from Derek Noonburg. * CVE-2006-1244 -- Martin Pitt <email address hidden> Wed, 12 Apr 2006 09:11:58 +0000
Obsolete in warty-security |
tetex-bin (2.0.2-21ubuntu0.9) warty-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2006-1244: - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows. - Upstream patch from Derek Noonburg. * CVE-2006-1244 -- Martin Pitt <email address hidden> Wed, 12 Apr 2006 09:14:57 +0000
Superseded in dapper-release |
tetex-bin (3.0-13ubuntu5) dapper; urgency=low * debian/postinst.in: Do not install oxdvi.bin alternative, since oxdvi.real does not exist any more. Closes: LP#38321. -- Martin Pitt <email address hidden> Mon, 10 Apr 2006 12:43:11 +0200
Superseded in dapper-release |
tetex-bin (3.0-13ubuntu4) dapper; urgency=low * debian/postinst.functions: Enclose regular epxression in m!! instead of // to cope with the contained slashes. Thanks to Chris Moore! Closes: LP#33449 * debian/rules.in: Clean up build cruft in clean rule. -- Martin Pitt <email address hidden> Thu, 6 Apr 2006 14:57:35 +0200
Superseded in dapper-release |
tetex-bin (3.0-13ubuntu3) dapper; urgency=low * debian/patches/patch-poppler: Port to poppler 0.5.1 API (changes due to new UGooString class). * debian/control: Bump libpoppler-dev dependency. -- Martin Pitt <email address hidden> Thu, 9 Mar 2006 16:50:22 +0100
Superseded in dapper-release |
tetex-bin (3.0-13ubuntu2) dapper; urgency=low * debian/postinst.in: - remove the old formats before cleaning environment (fixes breezy->dapper upgrade problem) -- Michael Vogt <email address hidden> Thu, 23 Feb 2006 20:27:19 +0100
tetex-bin (3.0-13ubuntu1) dapper; urgency=low * debian/patches/patch-poppler: Additionally include <poppler/Link.h> in pdftoepdf.cc to fix FTBFS with poppler >= 0.5. -- Martin Pitt <email address hidden> Tue, 24 Jan 2006 15:59:55 +0100
tetex-bin (2.0.2-30ubuntu3.4) breezy-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3624_5_7, add handling for it to debian/rules. * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream(): - Check columns for negative or large values. - CVE-2005-3624 * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: - Reset numComps to 0 since it's a global variable that is used later. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readHuffmanTables(): - Fix out of bounds array access in Huffman tables. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readMarker(): - Check for EOF in while loop to prevent endless loops. - CVE-2005-3625 * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): - Check user supplied width and height against invalid values. - Allocate one extra byte to prevent out of bounds access in combine(). -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 13:55:08 +0000
tetex-bin (2.0.2-25ubuntu0.4) hoary-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3624_5_7, add handling for it to debian/rules. * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream(): - Check columns for negative or large values. - CVE-2005-3624 * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: - Reset numComps to 0 since it's a global variable that is used later. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readHuffmanTables(): - Fix out of bounds array access in Huffman tables. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readMarker(): - Check for EOF in while loop to prevent endless loops. - CVE-2005-3625 * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): - Check user supplied width and height against invalid values. - Allocate one extra byte to prevent out of bounds access in combine(). -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 14:09:56 +0000
tetex-bin (2.0.2-21ubuntu0.8) warty-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3624_5_7, add handling for it to debian/rules. * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream(): - Check columns for negative or large values. - CVE-2005-3624 * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: - Reset numComps to 0 since it's a global variable that is used later. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readHuffmanTables(): - Fix out of bounds array access in Huffman tables. - CVE-2005-3627 * xpdf/Stream.cc, DCTStream::readMarker(): - Check for EOF in while loop to prevent endless loops. - CVE-2005-3625 * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): - Check user supplied width and height against invalid values. - Allocate one extra byte to prevent out of bounds access in combine(). -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 14:17:09 +0000
tetex-bin (3.0-13) unstable; urgency=low * {texconfig,fmtutil,updmap}-sys: improve handling to avoid spurious warnings when fmtutil is called from texconfig-sys (Closes: #343172) [jdg] * fmtutil: change $scriptname back to $progname to simplify patch [jdg] * fmtutil, updmap: fix mktexfmt handling (now called correctly by root and non-root) and error message handling when fmtutil/updmap called by root [jdg] * Fix patch-poppler: Accidently all binaries where linked against libpoppler and everything it links to (closes: #344912) [frank] * Add CVE ID to the changelog entry for 3.0-11 to indicate clearly which security issues have been fixed. * Bump standards version to 3.6.2 (no changes needed) * Fixes to manpages to make lintian happy * Translations: - Added Swedish debconf translation, thanks to Daniel Nylander <email address hidden> (closes: #343741) [frank] -- Frank Küster <email address hidden> Tue, 27 Dec 2005 21:21:00 +0100
Superseded in dapper-release |
tetex-bin (3.0-10.1ubuntu5) dapper; urgency=low * Add debian/patches/patch-poppler to build the two files that require xpdf (texk/web2c/pdftexdir/{pdftosrc.cc,pdftoepdf.cc}) against poppler: - Adapt include file paths. - s/GString/GooString/ (poppler change to not conflict with glib). - Adapt GlobalParams() constructor. - web2c/pdftexdir/depend.mk: Removed, and re-generated with 'make depend' to get rid of all the zlib and xpdf references to the shipped sources. - configure.in: Set needs_libxpdf=no even when building with pdftex, to avoid trying to build the internal xpdf copy. - configure: Stripped down changes generated by running autoconf 2.13. * Removed xpdf security patches, they are not necessary any more. * debian/control: Build-Depend on libpoppler-dev. * debian/rules.in: - Build with XXCFLAGS='-I/usr/include/poppler' and LDFLAGS='-lpoppler'. - Remove libs/xpdf and libs/zlib before building, just to make sure that we really don't use it. - Clean debian/latex.info on clean to be able to build the source package after building binaries. -- Martin Pitt <email address hidden> Mon, 12 Dec 2005 10:37:31 +0100
Superseded in breezy-security |
tetex-bin (2.0.2-30ubuntu3.3) breezy-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3191_2.patch, add handling for it to debian/rules. * xpdf/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * xpdf/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * Note: This embedded xpdf version does not support JPX, thus is not vulnerable against CVE-2005-3193. -- Martin Pitt <email address hidden> Thu, 8 Dec 2005 12:33:32 +0000
Obsolete in breezy-release |
tetex-bin (2.0.2-30ubuntu3) breezy; urgency=low * Just use g++-3.4 on ia64. -- Matthias Klose <email address hidden> Mon, 23 May 2005 19:09:02 +0000
Superseded in hoary-security |
tetex-bin (2.0.2-25ubuntu0.3) hoary-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3191_2.patch, add handling for it to debian/rules. * xpdf/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * xpdf/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * Note: This embedded xpdf version does not support JPX, thus is not vulnerable against CVE-2005-3193. -- Martin Pitt <email address hidden> Mon, 12 Dec 2005 11:41:52 +0100
tetex-bin (2.0.2-25) unstable; urgency=high * SECURITY UPDATE: - Added debian/patches/patch-CAN-2004-1125 to fix a buffer overflow in PDF reading code that was taken from xpdf (closes: #286984). Thanks to Martin Pitt <email address hidden>, see http://www.idefense.com/application/poi/display?id=172 [frank] - Fixed insecure tempfile creation, thanks to Javier Fernández-Sanguino Peña <email address hidden> (closes: #286370) [frank] * Fixed clean target, again providing clean sources [frank] * Added Suggests: rubber; together with lacheck this (closes: #196987) [frank] -- Frank Küster <email address hidden> Thu, 23 Dec 2004 16:31:38 +0100
Superseded in warty-security |
tetex-bin (2.0.2-21ubuntu0.7) warty-security; urgency=low * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code. * Add debian/patches/patch-CVE-2005-3191_2.patch, add handling for it to debian/rules. * xpdf/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * xpdf/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * Note: This embedded xpdf version does not support JPX, thus is not vulnerable against CVE-2005-3193. -- Martin Pitt <email address hidden> Mon, 12 Dec 2005 11:48:59 +0100
tetex-bin (2.0.2-21) unstable; urgency=high * Closes a couple of important bugs in maintainer scripts, and should really get into sarge , therefore urgency=high. * Make sure that the correct language.dat is generated for the common formats, provide a smooth upgrade path from woody, and correct the regexp for fixing a buggy language.dat, thanks to Hilmar and Florent (closes: #269172, #267886). [frank] * Also provide a smooth upgrade path to the use of update-updmap and update-fmtutil, thanks to Pierre Machard <email address hidden> and Juhapekka Tolvanen <email address hidden> (closes: #268957, #267734). [frank] * Use correct Conflicts: and Provides: lines for dvipdfm, texdoctk, and some pre-woody packages that we completely replace, thanks to Bill Allombert <email address hidden> (closes: #269235). [frank] * Don't handle /var/cache/fonts in postrm, this is now in tetex-base [frank] * For the fix of #267664 in the last upload, a thank you also goes to Hilmar, once more. * Polished the wording of the english debconf questions, thanks to Gee Law <email address hidden> (closes: #268764) [frank] -- Frank Küster <email address hidden> Thu, 2 Sep 2004 17:05:49 +0200
1 → 30 of 30 results | First • Previous • Next • Last |