| Description: | Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1382 Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. CVE-2009-2459 Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information. For the oldstable distribution, these problems have been fixed in version 1.50-1+etch1. Due to a bug in the archive system, the fix for the stable distribution will be released as version 1.50-1+lenny1 once it is available. For the testing distribution, and the unstable distribution, these problems have been fixed in version 1.50-1.1. We recommend that you upgrade your mimetex packages. |