Fedora Legacy Test Update Notification: tetex

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Apr 27 00:10:02 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152868
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152868
2006-04-26
---------------------------------------------------------------------

Name        : tetex
Versions    : rh73: tetex-1.0.7-47.5.legacy
Versions    : rh9: tetex-1.0.7-66.3.legacy
Versions    : fc1: tetex-2.0.2-8.2.legacy
Versions    : fc2: tetex-2.0.2-14FC2.3.legacy
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.

---------------------------------------------------------------------
Update Information:

Updated tetex packages that fix several security issues are now
available.

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input and creates a typesetter-independent .dvi
(DeVice Independent) file as output.

A number of integer overflow bugs that affect Xpdf were discovered. The
teTeX package contains a copy of the Xpdf code used for parsing PDF
files and is therefore affected by these bugs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-0888 and CVE-2004-1125 to these issues.

Several flaws were discovered in the teTeX PDF parsing library. An
attacker could construct a carefully crafted PDF file that could cause
teTeX to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project assigned the names
CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 and CVE-2005-3628 to these
issues.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Tue Apr 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.7-47.5.legacy
- Added tetex tetex-latex and tetex-dvips to BuildPreReq!

* Fri Apr 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.7-47.4.legacy
- Added patch to remove expiration check

* Wed Apr 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.7-47.3.legacy
- Added missing netpbm-progs, ghostscript, ed and texinfo to BuildPrereq

* Fri Mar 17 2006 Donald Maner <donjr at pobox.com> 1.0.7-47.2.legacy
- Patches for CESA-2004-007, CAN-2004-1125, CAN-2004-0888, CVE-2005-3193

rh9:
* Tue Apr 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.7-66.3.legacy
- Added missing tetex, tetex-latex and tetex-dvips to BuildPreReq

* Fri Apr 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.7-66.2.legacy
- Added missing ed and texinfo to BuildPrereq

* Thu Mar 16 2006 Donald Maner <donjr at pobox.com> 1.0.7-66.1.legacy
- Patches for CESA-2004-007 CAN-2004-0888 CAN-2004-1125 CVE-2005-3193
(#152868)

fc1:
* Wed Apr 26 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.2-8.2.legacy
- Added missing ed, texinfo, tetex, tetex-latex and tetex-dvips to
BuildPreReq

* Thu Mar 16 2006 Donald Maner <donjr at pobox.com> 2.0.2-8.1.legacy
- Patches for CAN-2004-0888, CAN-2004-1125, CAN-2005-0064
  and 2005-3193

fc2:
* Tue Apr 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.2-14FC2.3.legacy
- Fixed release tag
- Added missing tetex, tetex-latex and tetex-dvips to BuildPreReq

* Thu Mar 16 2006 Donald Maner <donjr at pobox.com> 2.0.2-14.3.legacy
- Patch CVE-2005-3193 (#152868)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
80b05b7896c5db589e960da0d73b1cd4ae120cce
redhat/7.3/updates-testing/i386/tetex-1.0.7-47.5.legacy.i386.rpm
28c6022b4f6a237d4695d1f268276ec6b18dcf4c
redhat/7.3/updates-testing/i386/tetex-afm-1.0.7-47.5.legacy.i386.rpm
017fa321d9834685f04819070d4f5fb799e05d01
redhat/7.3/updates-testing/i386/tetex-doc-1.0.7-47.5.legacy.i386.rpm
3303175840f2fc37c5f3f77e672eeb3fafae718a
redhat/7.3/updates-testing/i386/tetex-dvilj-1.0.7-47.5.legacy.i386.rpm
fa43c7cbdf02cb7d439c9beeb0e358f8c69a5f22
redhat/7.3/updates-testing/i386/tetex-dvips-1.0.7-47.5.legacy.i386.rpm
1e69a574c3d47cec5b58963387956dfc8337d6ec
redhat/7.3/updates-testing/i386/tetex-fonts-1.0.7-47.5.legacy.i386.rpm
bb229acb3b38ae16025d56a77c41cab939a512ac
redhat/7.3/updates-testing/i386/tetex-latex-1.0.7-47.5.legacy.i386.rpm
d21419415faefcb90b688f8d8dc60a57a6374bad
redhat/7.3/updates-testing/i386/tetex-xdvi-1.0.7-47.5.legacy.i386.rpm
f646b3f3c2ebafa6ae264f20a3f056c778bd84db
redhat/7.3/updates-testing/SRPMS/tetex-1.0.7-47.5.legacy.src.rpm

rh9:
26f54ca0403372b21e6fd441d9bb64073f23e7de
redhat/9/updates-testing/i386/tetex-1.0.7-66.3.legacy.i386.rpm
e74de7855d1d07bcef6a713f4a8735e8008f5249
redhat/9/updates-testing/i386/tetex-afm-1.0.7-66.3.legacy.i386.rpm
c836a796ad112f79c84c528006a14a3ff1f99a20
redhat/9/updates-testing/i386/tetex-doc-1.0.7-66.3.legacy.i386.rpm
5d60fb658c5581eff85e589b2f71e49b4b7132b0
redhat/9/updates-testing/i386/tetex-dvips-1.0.7-66.3.legacy.i386.rpm
7ea6340fe95a63586bebc82f0869f962a178a8b2
redhat/9/updates-testing/i386/tetex-fonts-1.0.7-66.3.legacy.i386.rpm
62790eea2119387ad7c9ff4dc52aa9f24ae188f3
redhat/9/updates-testing/i386/tetex-latex-1.0.7-66.3.legacy.i386.rpm
55f398c9781e6a75c14becd57930afd91632c8fb
redhat/9/updates-testing/i386/tetex-xdvi-1.0.7-66.3.legacy.i386.rpm
a696b9b616557bf0d9b8ae7f884e543061e0e110
redhat/9/updates-testing/SRPMS/tetex-1.0.7-66.3.legacy.src.rpm

fc1:
5560c992700e00a6f69d9ee7d2835522142fb93b
fedora/1/updates-testing/i386/tetex-2.0.2-8.2.legacy.i386.rpm
416e95e8c3241c6fb239ca534dbb5654f5bb4206
fedora/1/updates-testing/i386/tetex-afm-2.0.2-8.2.legacy.i386.rpm
55adc5facf3a5c44cd5eb8b57559b03728fb7a64
fedora/1/updates-testing/i386/tetex-doc-2.0.2-8.2.legacy.i386.rpm
e893ad3c1c95abd91830b43fa74138be297da25e
fedora/1/updates-testing/i386/tetex-dvips-2.0.2-8.2.legacy.i386.rpm
b5b4de3d22bf7696ed5194f68c271d08d912d571
fedora/1/updates-testing/i386/tetex-fonts-2.0.2-8.2.legacy.i386.rpm
57029989a0bba05d33c566bdb0df6ff921f3addd
fedora/1/updates-testing/i386/tetex-latex-2.0.2-8.2.legacy.i386.rpm
857555c989ce1db61ddec8a7fdaf30a21bd1a207
fedora/1/updates-testing/i386/tetex-xdvi-2.0.2-8.2.legacy.i386.rpm
f4cd83ce6594ce3a2ba6f3371d22b46435be8fbd
fedora/1/updates-testing/SRPMS/tetex-2.0.2-8.2.legacy.src.rpm

fc2:
b02943e6007fc24a8c187d94c1511110d3d6e6e0
fedora/2/updates-testing/i386/tetex-2.0.2-14FC2.3.legacy.i386.rpm
08f84cc10ee1b4ea4a0a28b0d06cba8209c0c5f3
fedora/2/updates-testing/i386/tetex-afm-2.0.2-14FC2.3.legacy.i386.rpm
ea6b0ea52e2784a8d4de505e8866b6ca24ff94dd
fedora/2/updates-testing/i386/tetex-doc-2.0.2-14FC2.3.legacy.i386.rpm
61298e2841be9ce39260139387502f2caa555653
fedora/2/updates-testing/i386/tetex-dvips-2.0.2-14FC2.3.legacy.i386.rpm
42271d0bf5aab0b7b77c6ccb90723588395e06a2
fedora/2/updates-testing/i386/tetex-fonts-2.0.2-14FC2.3.legacy.i386.rpm
555556960f4e116cc1f92d57d8896284cf125935
fedora/2/updates-testing/i386/tetex-latex-2.0.2-14FC2.3.legacy.i386.rpm
23d0051001771158b6573c846d1e736308cba424
fedora/2/updates-testing/i386/tetex-xdvi-2.0.2-14FC2.3.legacy.i386.rpm
c05978c27472e3a8fbfc12896e26d78ae18e065b
fedora/2/updates-testing/SRPMS/tetex-2.0.2-14FC2.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060426/00925ea1/attachment.sig>

More information about the fedora-legacy-list mailing list