package: texlive-bin
severity: important
tags: patch

Only lenny is affected since only versions < 2009 are affected. This is not severe enough for a DSA, so this should be fixed in an SPU.

thanks, mike
Description: fix denial of service via buffer overflow Origin: upstream, http://tug.org/mailman/htdig/tex-live/2009-August/021998.html Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920 diff -Nur texlive-bin-2007.dfsg.2/build/source/texk/web2c/bibtex.ch texlive-bin-2007.dfsg.2.new/build/source/texk/web2c/bibtex.ch --- texlive-bin-2007.dfsg.2/build/source/texk/web2c/bibtex.ch 2006-12-26 18:37:34.000000000 -0500 +++ texlive-bin-2007.dfsg.2.new/build/source/texk/web2c/bibtex.ch 2010-04-22 09:11:45.000000000 -0400 @@ -1134,6 +1134,15 @@ @y @z +% Forgot to check for pool overflow here. Triggered by test case linked +% from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920. +...@x +while (sp_ptr < sp_end) do {shift the substring} +...@y +str_room(sp_end - sp_ptr); +while (sp_ptr < sp_end) do {shift the substring} +...@z + % [459] Eliminate unreferenced statement label, because `undefined' is % now a constant expression that is not evaluated at the Web level. If % this label were ever required, it could be replaced by the constant
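
Review bot: The change-file markers in the added block appear as `...@x`, `...@y` and `...@z`, while the unchanged context lines just above them use bare `@y` and `@z`. WEB change files only recognise `@x`, `@y` and `@z` at the very start of a line, so if the patch is applied with the markers as shown here, tie/tangle will not see a new change entry and the `str_room(sp_end - sp_ptr);` call will never reach the generated source. Please confirm the markers are bare in the file that is actually applied. Two smaller points: the new entry's comment does not name the section it changes, unlike the neighbouring `% [459]` entry, so adding the section number would keep bibtex.ch consistent; and the reservation of `sp_end - sp_ptr` characters is only sufficient if the loop appends exactly one pool character per iteration, which is worth stating in the comment since the loop body is not part of the matched text.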

