Tetex includes xpdf code, so it is vulnerable to : - CAN-2004-0888 and CAN-2004-0889 and 64 bit issues that were found on these xpdf2-style patches for these 2 can be found in app-text/pdftohtml files xpdf3-style patches for these 2 can be found in gnustep-libs/pdfkit files - CAN-2004-1125 (see bug 75191) Tetex also includes tmpfile vulns in "xdvizilla", see attached patch.
Created attachment 46970 [details, diff] xdvizilla.patch xdvizilla tmpfile vulns patch, ripped from Ubuntu's diff.
text-markup team, please apply patches and bump.
Mandrake Advisory: MDKSA-2004:166 Ubuntu Security Notice: USN-51-1 text-markup team: please apply patches and bump
I don't have time to do this until 17 Jan. Sorry for that. (It includes several patches and we need to check tetex, ptex and cstetex) Could somebody else from text-markup team apply these patches?
Mamoru: I tried to ask to other text-markup members but it seems only you can do it :/ If you know someone else please contact him/her and ask for help... since I didn't have much success asking for help myself.
Created attachment 47932 [details] tetex-2.0.2-r5.ebuild
Created attachment 47933 [details] ptex-3.1.4-r2.ebuild
Created attachment 47937 [details] cstetex-2.0.2-r1.ebuild
Matsuu: you're missing the CAN-2004-1125 fix. Something like app-text/pdftohtml/pdftohtml-xpdf-3.00pl2-CAN-2004-1125.patch should be applied too.
Created attachment 48625 [details, diff] xpdf-CESA-2004-007-xpdf2-newer.diff
Created attachment 48626 [details, diff] xpdf-goo-sizet.patch
Created attachment 48627 [details, diff] xpdf2-underflow.patch
Created attachment 48628 [details, diff] xpdf-3.00pl2-CAN-2004-1125.patch
Created attachment 48629 [details] tetex-2.0.2-r5.ebuild
Matsuu, you should commit new ebuilds in portage, as ~ Please also include xpdf-3.00pl3.patch from bug 77888
*** Bug 78251 has been marked as a duplicate of this bug. ***
app-text/tetex-2.0.2-r5 app-text/cstetex-2.0.2-r1 app-text/ptex-3.1.4-r2 in cvs
Target KEYWORDS: app-text/tetex-2.0.2-r5: alpha amd64 arm, hppa, ia64, mips, ppc, ppc64, ppc, macos, s390, sparc, x86 app-text/cstetex-2.0.2-r1: x86 app-text/ptex-3.1.4-r2: alpha, amd64, ppc, sparc, ppc64, ppc-macos, x86 archs, please mark stable.
s/ppc, macos/ppc-macos/
app-text/tetex-2.0.2-r5 stable on amd64, I'll have to find someone else to test ptex
Stable on alpha.
all three done on x86
app-text/ptex-3.1.4-r2 and app-text/tetex-2.0.2-r5 stable on ppc64
Tetex good for sparc. Builds, installs, and creates correct output. I cannot comment on cstetex or ptex, and am leaving them for someone who knows what they are.
tetex stable on mips.
ptex doesn't build for me... :-/
i can't confirm kugelfang's issue, it works fine here so i marked it stable
tetex and ptex stable on ppc.
We just wait on sparc testing of ptex to issue the GLSA.
ptex stable on sparc
GLSA 200501-31 arm, hppa, ia64, ppc-macos, s390: please mark those stable to benefit from GLSA
Already stable on hppa