Subject: CVS commit: [pkgsrc-2010Q1] pkgsrc/print/dvipsk
From: Matthias Scheler
Date: 2010-06-08 20:22:06
Message id: 20100608182206.F1CE6175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3143 - requested by minskim
print/dvipsk: security patch

Revisions pulled up:
- print/dvipsk/Makefile				1.6
- print/dvipsk/distinfo				1.5
- print/dvipsk/patches/patch-ab			1.4
---
Module Name:	pkgsrc
Committed By:	minskim
Date:		Tue Jun  8 15:17:05 UTC 2010

Modified Files:
	pkgsrc/print/dvipsk: Makefile distinfo
	pkgsrc/print/dvipsk/patches: patch-ab

Log Message:
Fix CVE-2010-1440.  Patch from TeX Live repository.

  Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX
  Live 2009 and earlier, and teTeX, allow remote attackers to cause a
  denial of service (application crash) or possibly execute arbitrary
  code via a special command in a DVI file, related to the (1)
  predospecial and (2) bbdospecial functions, a different
  vulnerability than CVE-2010-0739.

Files:
RevisionActionfile
1.4.2.2modifypkgsrc/print/dvipsk/Makefile
1.3.2.2modifypkgsrc/print/dvipsk/distinfo
1.3.2.3modifypkgsrc/print/dvipsk/patches/patch-ab