From ${URL} :

A format string vulnerability was found in the CmdKeywords function when processing the \keywords command in a tex file. When the user runs latex2rtf with a maliciously crafted tex file, an attacker can execute arbitrary code.

The variable `keywords' in the function CmdKeywords may hold a malicious input string, which can be used as a format argument of vsnprintf.

Vulnerable code:

    1789 char *keywords = getBraceParam();
    ...
    1798 fprintRTF(keywords);
    ...
    858 void fprintRTF(char *format, ...){
    ...
    873 vsnprintf(buffer, 1024, format, apf);
    ...

Public disclosure (includes reproducer and suggested fix):
http://seclists.org/oss-sec/2015/q4/283

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
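Added example, not part of the bug report or the latex2rtf source: a printf-style wrapper shaped like the fprintRTF() quoted above, with the unsafe call shown only in a comment next to the standard remediation of passing untrusted text as a "%s" argument. The names fprint_rtf, emit_keywords, count_directives and rtf_out are hypothetical, the sample input is constructed, and the "%s" fix is the usual mitigation for this bug class, not necessarily the upstream patch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Marking the wrapper printf-like lets GCC/Clang flag non-literal formats
 * at call sites (-Wformat -Wformat-security). */
#if defined(__GNUC__)
#define PRINTF_LIKE __attribute__((format(printf, 1, 2)))
#else
#define PRINTF_LIKE
#endif

static char rtf_out[1024];            /* hypothetical stand-in for the RTF output */

PRINTF_LIKE static int fprint_rtf(const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int n = vsnprintf(rtf_out, sizeof rtf_out, format, ap);
    va_end(ap);
    return n;
}

/* Pattern from the report: fprint_rtf(keywords);  <- input becomes the format.
 * Hardened form: the format is a literal, the input is only data. */
static int emit_keywords(const char *keywords)
{
    return fprint_rtf("%s", keywords);
}

/* Audit helper: number of '%' directives that printf would interpret if the
 * string were used as a format ("%%" is a literal percent sign). */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *keywords = "rtf, %x%x %n";   /* constructed \keywords argument */
    int written = emit_keywords(keywords);
    printf("directives=%d written=%d out=[%s]\n",
           count_directives(keywords), written, rtf_out);
    return 0;
}
```
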
[master 0ae8d7b] dev-tex/latex2rtf: Version bump (security bug #566032)
 2 files changed, 47 insertions(+)
 create mode 100644 dev-tex/latex2rtf/latex2rtf-2.3.11.ebuild
*** Bug 535390 has been marked as a duplicate of this bug. ***
Stable for HPPA PPC64.
Stable on alpha.
amd64 stable
x86 stable
sparc stable
ppc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches, thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Please clean the vulnerable versions.
Please clean vulnerable versions from tree.
Cleanup PR: https://github.com/gentoo/gentoo/pull/3383
Tree is clean.