Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
teTeX, allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a
malformed DVI file.
Arch teams, please stabilise dvipng-1.13.
Stable for HPPA.
Stable for PPC.
ppc64 done; closing as last arch
didnt mean to close; sorry sec guys
Vulnerable dvipng-1.12-r1 removed.
All arches stable, so changing whiteboard status.
Thank you all. Remove tex herd from CC, as its nothing to do here anymore.
This issue was resolved and addressed in
GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).