CVE-2010-0827 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0827): Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
CVE-2010-1440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1440): Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
CVE-2010-0739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0739): Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
texlive-core-2008-r8 fixes this as is our stable candidate I'll fix 2009 asap for ~arch; I'll probably skip stabilizing 2009 since TeX Live 2010 is expected soon and should fix a couple of annoying issues.
FWIW texlive-core-2009-r2 fixes this also
(In reply to comment #3) > texlive-core-2008-r8 fixes this as is our stable candidate This should be pushed to stable I guess. Please consider adding ARCHs. Current stable 2008-r7: alpha, amd64, arm, hppa, ia64, ppc, ppc64, s390, sh, sparc, x86
texlive 2010 is now stable, guess you can close the bug / do the glsa stuff
(In reply to comment #6) > texlive 2010 is now stable, guess you can close the bug / do the glsa stuff Thanks, Alexis. Rated this B2 and added to existing GLSA request.
Thank you all. Remove tex from CC as its nothing to do here anymore.
This issue was resolved and addressed in GLSA 201206-28 at http://security.gentoo.org/glsa/glsa-201206-28.xml by GLSA coordinator Stefan Behte (craig).