Debian Security Advisory DSA 1917-1 (mimetex)

The remote host is missing an update to mimetex announced via advisory DSA 1917-1.

Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1382 Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. CVE-2009-2459 Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information. For the oldstable distribution (etch), these problems have been fixed in version 1.50-1+etch1. Due to a bug in the archive system, the fix for the stable distribution (lenny) will be released as version 1.50-1+lenny1 once it is available. For the testing distribution (squeeze), and the unstable distribution (sid), these problems have been fixed in version 1.50-1.1. We recommend that you upgrade your mimetex packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201917-1