tetex needs updating because it includes vulnerable xpdf code. See bug 185225 for a patch.
CC'ing maintainer and setting whiteboard status.
Adding CVE number
After talking to aballier, I just committed app-text/tetex-3.0_p1-r4 that should fix this issue. I also cleaned out old versions of tetex-3, but 2 probably still contains vulnerable code. Pylon said he'd look into what needs 2.0 before that can be cleaned out.
any updates about the 2.x series?
(In reply to comment #4) > any updates about the 2.x series? Not from me. Pylon, does anything still need it?
> Not from me. Pylon, does anything still need it? AFAIK we can clean out tetex-2 from the tree. The only thing that holds us back is stabilising some ebuilds. Let me create a list tomorrow.
(In reply to comment #6) > > Not from me. Pylon, does anything still need it? > > AFAIK we can clean out tetex-2 from the tree. The only thing that holds us > back is stabilising some ebuilds. Let me create a list tomorrow. > Ok, so I guess we can just mark > 3.0_p1-r4 as unaffected, and < vulnerable (so including all 2.x series too, but since it will be removed soon it's no problem). is it ok with you?
GLSA 200707-17.
(In reply to comment #8) > GLSA 200707-17. > hmm it was 200709-17, sorry :/