Bug 47875 - texlive-bin: Multiple issues (4.2)
texlive-bin: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-5-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-27 12:46 CEST by Quality Assurance
Modified: 2018-10-04 16:16 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2018-09-27 12:46:37 CEST
New Debian texlive-bin 2014.20140926.35254-6+deb8u1 fixes:
This update addresses the following issue:

* 2014.20140926.35254-6+deb8u1 (Wed, 19 Sep 2018 13:28:25 +0900) * fix  writet1 buffer overflow

* 2014.20140926.35254-6+deb8u1 (Wed, 19 Sep 2018 13:28:25 +0900) * fix  writet1 buffer overflow

* 2014.20140926.35254-6+deb8u1 (Wed, 19 Sep 2018 13:28:25 +0900) * fix  writet1 buffer overflow

* 2014.20140926.35254-6+deb8u1 (Wed, 19 Sep 2018 13:28:25 +0900) * fix  writet1 buffer overflow

* 2014.20140926.35254-6+deb8u1 (Wed, 19 Sep 2018 13:28:25 +0900) * fix  writet1 buffer overflow
* Buffer overflow in t1_check_unusual_charstring function in writet1.c  (CVE-2018-17407)
Comment 1 Quality Assurance univentionstaff 2018-09-27 13:00:37 CEST
--- mirror/ftp/4.2/unmaintained/4.2-0/source/texlive-bin_2014.20140926.35254-6.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/texlive-bin_2014.20140926.35254-6+deb8u1.dsc
@@ -1,3 +1,7 @@
+2014.20140926.35254-6+deb8u1 [Wed, 19 Sep 2018 13:28:25 +0900] Norbert Preining <preining@debian.org>:
+
+  * fix writet1 buffer overflow
+
 2014.20140926.35254-6 [Sun, 18 Jan 2015 23:45:42 +0900] Norbert Preining <preining@debian.org>:
 
   * cherrypick security fix for libpng CVE-2015-0973 (Closes: #775673)

<http://10.200.17.11/4.2-5/#757611211291564100>
Comment 2 Philipp Hahn univentionstaff 2018-09-27 13:37:54 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 608d55414e Bug #47875: texlive-bin 2014.20140926.35254-6+deb8u1
 doc/errata/staging/texlive-bin.yaml | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

[4.2-5] ecf30c2cbf Bug #47875: texlive-bin 2014.20140926.35254-6+deb8u1
 doc/errata/staging/texlive-bin.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-10-04 16:16:59 CEST
<http://errata.software-univention.de/ucs/4.2/527.html>