From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200805-13.xml | 72 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 metadata/glsa/glsa-200805-13.xml (limited to 'metadata/glsa/glsa-200805-13.xml') diff --git a/metadata/glsa/glsa-200805-13.xml b/metadata/glsa/glsa-200805-13.xml new file mode 100644 index 000000000000..f59408816319 --- /dev/null +++ b/metadata/glsa/glsa-200805-13.xml @@ -0,0 +1,72 @@ + + + + PTeX: Multiple vulnerabilities + + Multiple vulnerabilities were discovered in PTeX, possibly allowing the + execution of arbitrary code or overwriting arbitrary files. + + ptex + 2008-05-12 + 2008-05-12: 01 + 196673 + remote + + + 3.1.10_p20071203 + 3.1.10_p20071203 + + + +

+ PTeX is a TeX distribution with Japanese support. It is used for + creating and manipulating LaTeX documents. +

+ + +

+ Multiple issues were found in the teTeX 2 codebase that PTeX builds + upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable + code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, + GLSA 200711-22) and from T1Lib (GLSA 200710-12). +

+ + +

+ Remote attackers could possibly execute arbitrary code and local + attackers could possibly overwrite arbitrary files with the privileges + of the user running PTeX via multiple vectors, e.g. enticing users to + open specially crafted files. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All PTeX users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.10_p20071203" + + + GLSA 200708-05 + GLSA 200709-12 + GLSA 200709-17 + GLSA 200710-12 + GLSA 200711-22 + GLSA 200711-26 + + + p-y + + + p-y + + + p-y + + -- cgit v1.2.3