Debian Bug report logs - #447081
dvips -z segfault with really long url on \href

version graph

Package: texlive-base-bin; Maintainer for texlive-base-bin is (unknown);

Reported by: Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>

Date: Wed, 17 Oct 2007 21:54:01 UTC

Severity: normal

Tags: patch

Found in version texlive-bin/2007-14

Fixed in version texlive-bin/2007.dfsg.1-1

Done: Norbert Preining <preining@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>:
New Bug report received and forwarded. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>
To: submit@bugs.debian.org
Subject: dvips -z segfault with really long url on \href
Date: Wed, 17 Oct 2007 23:51:40 +0200
Subject: texlive-base-bin: dvips -z segfault with really long url on \href
Package: texlive-base-bin
Version: 2007-14
Severity: normal

Run latex then dvips -z on the following file and dvips will segfault
look like a buffer overrun...

\documentclass{article}

\usepackage[hypertex]{hyperref}

\begin{document}

\href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXXXXXXXXX 
XXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX - 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}

\end{document}

Regards 

Bastien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>, 447081@bugs.debian.org
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 07:37:41 +0200
> Run latex then dvips -z on the following file and dvips will segfault
> look like a buffer overrun...

I cannot confirm this:

$ cat foo.tex
\documentclass{article}

\usepackage[hypertex]{hyperref}

\begin{document}

\href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}

\end{document}
$ latex foo
...
$ dvips foo
This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software (www.radicaleye.com)
' TeX output 2007.10.18:0736' -> foo.ps
</usr/share/texmf-texlive/dvips/base/tex.pro>
</usr/share/texmf-texlive/dvips/base/texps.pro>
</usr/share/texmf-texlive/dvips/base/special.pro>. 
</usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1] 
$

No idea what has happened on your side, can you send the dvi file?

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TIBSHELF (n.)
Criss-cross wooden construction hung on a wall in a teenage girl's
bedroom which is covered with glass bambies and poodles, matching pigs
and porcelain ponies in various postures.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #15 received at 447081@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: 447081@bugs.debian.org
Cc: bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 16:49:12 +0900 (JST)
Hi all,

On Thu, 18 Oct 2007 07:37:41 +0200, Norbert Preining wrote:

> > Run latex then dvips -z on the following file and dvips will segfault
> > look like a buffer overrun...
> 
> I cannot confirm this:
...
> $ dvips foo
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software (www.radicaleye.com)

Bastien, have you installed dvipsk-ja?  
(Please attach an output of dvips as Norbert did then
we can see what dvips you used.)

It seems dvips of dvipsk-ja causes segfault.

Regards,       	  	    	  2007-10-18(Thu)

-- 
 Debian Developer & Debian JP Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #20 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: 447081@bugs.debian.org
Cc: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, Norbert Preining <preining@logic.at>
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 11:03:36 +0200
Le jeudi 18 octobre 2007, vous avez écrit :
> Hi all,
>
> On Thu, 18 Oct 2007 07:37:41 +0200, Norbert Preining wrote:
> > > Run latex then dvips -z on the following file and dvips will segfault
> > > look like a buffer overrun...
> >
> > I cannot confirm this:
>
> ...
>
> > $ dvips foo
> > This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
> > (www.radicaleye.com)
>
> Bastien, have you installed dvipsk-ja? 

No I have not installed  dvipsk-ja, will try
> (Please attach an output of dvips as Norbert did then
> we can see what dvips you used.)


Full transcript (BTW i am using testing on amd64 perhaps it is due to a 64 bit 
issue)
sh-3.1$ dvips -v
This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software 
(www.radicaleye.com)
sh-3.1$ cat test.tex
\documentclass{article}

\usepackage[hypertex]{hyperref}

\begin{document}

\href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXXXXXXXXX 
XXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX - 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}

\end{document}
sh-3.1$ latex test.tex
This is pdfTeXk, Version 3.141592-1.40.3 (Web2C 7.5.6)
 %&-line parsing enabled.
entering extended mode
(./test.tex
LaTeX2e <2005/12/01>
Babel <v3.8h> and hyphenation patterns for english, usenglishmax, dumylang, 
noh
yphenation, croatian, ukrainian, russian, bulgarian, czech, slovak, danish, 
dut
ch, finnish, basque, french, german, ngerman, ibycus, greek, monogreek, 
ancient
greek, hungarian, italian, latin, mongolian, norsk, icelandic, interlingua, 
tur
kish, coptic, romanian, welsh, serbian, slovenian, estonian, esperanto, 
upperso
rbian, indonesian, polish, portuguese, spanish, catalan, galician, swedish, 
uke
nglish, loaded.
(/usr/share/texmf-texlive/tex/latex/base/article.cls
Document Class: article 2005/09/16 v1.4f Standard LaTeX document class
(/usr/share/texmf-texlive/tex/latex/base/size10.clo))
(/usr/share/texmf-texlive/tex/latex/hyperref/hyperref.sty
(/usr/share/texmf-texlive/tex/latex/graphics/keyval.sty)
(/usr/share/texmf-texlive/tex/latex/hyperref/pd1enc.def)
(/etc/texmf/tex/latex/config/hyperref.cfg)
(/usr/share/texmf-texlive/tex/latex/oberdiek/kvoptions.sty)
Implicit mode ON; LaTeX internals redefined
(/usr/share/texmf-texlive/tex/latex/ltxmisc/url.sty))
*hyperref using driver hypertex*
(/usr/share/texmf-texlive/tex/latex/hyperref/hypertex.def) (./test.aux)
(/usr/share/texmf-texlive/tex/latex/hyperref/nameref.sty
(/usr/share/texmf-texlive/tex/latex/oberdiek/refcount.sty)) [1] (./test.aux) )
Output written on test.dvi (1 page, 512 bytes).
Transcript written on test.log.
sh-3.1$ cat test.log
This is pdfTeXk, Version 3.141592-1.40.3 (Web2C 7.5.6) (format=latex 
2007.10.7)  18 OCT 2007 10:59
entering extended mode
 %&-line parsing enabled.
**test.tex
(./test.tex
LaTeX2e <2005/12/01>
Babel <v3.8h> and hyphenation patterns for english, usenglishmax, dumylang, 
noh
yphenation, croatian, ukrainian, russian, bulgarian, czech, slovak, danish, 
dut
ch, finnish, basque, french, german, ngerman, ibycus, greek, monogreek, 
ancient
greek, hungarian, italian, latin, mongolian, norsk, icelandic, interlingua, 
tur
kish, coptic, romanian, welsh, serbian, slovenian, estonian, esperanto, 
upperso
rbian, indonesian, polish, portuguese, spanish, catalan, galician, swedish, 
uke
nglish, loaded.
(/usr/share/texmf-texlive/tex/latex/base/article.cls
Document Class: article 2005/09/16 v1.4f Standard LaTeX document class
(/usr/share/texmf-texlive/tex/latex/base/size10.clo
File: size10.clo 2005/09/16 v1.4f Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
)
(/usr/share/texmf-texlive/tex/latex/hyperref/hyperref.sty
Package: hyperref 2007/02/07 v6.75r Hypertext links for LaTeX

(/usr/share/texmf-texlive/tex/latex/graphics/keyval.sty
Package: keyval 1999/03/16 v1.13 key=value parser (DPC)
\KV@toks@=\toks14
)
\@linkdim=\dimen103
\Hy@linkcounter=\count87
\Hy@pagecounter=\count88

(/usr/share/texmf-texlive/tex/latex/hyperref/pd1enc.def
File: pd1enc.def 2007/02/07 v6.75r Hyperref: PDFDocEncoding definition (HO)
)
(/etc/texmf/tex/latex/config/hyperref.cfg
File: hyperref.cfg 2002/06/06 v1.2 hyperref configuration of TeXLive
)
(/usr/share/texmf-texlive/tex/latex/oberdiek/kvoptions.sty
Package: kvoptions 2006/08/22 v2.4 Connects package keyval with LaTeX options 
(
HO)
)
Package hyperref Info: Hyper figures OFF on input line 2288.
Package hyperref Info: Link nesting OFF on input line 2293.
Package hyperref Info: Hyper index ON on input line 2296.
Package hyperref Info: Plain pages OFF on input line 2303.
Package hyperref Info: Backreferencing OFF on input line 2308.

Implicit mode ON; LaTeX internals redefined
Package hyperref Info: Bookmarks ON on input line 2444.
(/usr/share/texmf-texlive/tex/latex/ltxmisc/url.sty
\Urlmuskip=\muskip10
Package: url 2005/06/27  ver 3.2  Verb mode for urls, etc.
)
LaTeX Info: Redefining \url on input line 2599.
\Fld@menulength=\count89
\Field@Width=\dimen104
\Fld@charsize=\dimen105
\Choice@toks=\toks15
\Field@toks=\toks16
Package hyperref Info: Hyper figures OFF on input line 3102.
Package hyperref Info: Link nesting OFF on input line 3107.
Package hyperref Info: Hyper index ON on input line 3110.
Package hyperref Info: backreferencing OFF on input line 3117.
Package hyperref Info: Link coloring OFF on input line 3122.
\Hy@abspage=\count90
\c@Item=\count91
\c@Hfootnote=\count92
)
*hyperref using driver hypertex*
(/usr/share/texmf-texlive/tex/latex/hyperref/hypertex.def
File: hypertex.def 2007/02/07 v6.75r Hyperref driver for HyperTeX specials
) (./test.aux)
\openout1 = `test.aux'.

LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
LaTeX Font Info:    Checking defaults for PD1/pdf/m/n on input line 5.
LaTeX Font Info:    ... okay on input line 5.
Package hyperref Info: Link coloring OFF on input line 5.

(/usr/share/texmf-texlive/tex/latex/hyperref/nameref.sty
Package: nameref 2006/12/27 v2.28 Cross-referencing by name of section

(/usr/share/texmf-texlive/tex/latex/oberdiek/refcount.sty
Package: refcount 2006/02/20 v3.0 Data extraction from references (HO)
)
\c@section@level=\count93
)
LaTeX Info: Redefining \ref on input line 5.
LaTeX Info: Redefining \pageref on input line 5.
 [1

] (./test.aux) )
Here is how much of TeX's memory you used:
 2013 strings out of 94090
 28732 string characters out of 1165614
 73858 words of memory out of 1500000
 5347 multiletter control sequences out of 10000+50000
 3640 words of font info for 14 fonts, out of 1200000 for 2000
 645 hyphenation exceptions out of 8191
 25i,4n,21p,210b,296s stack positions out of 5000i,500n,6000p,200000b,5000s

Output written on test.dvi (1 page, 512 bytes).
sh-3.1$ dvips -z test.dvi
This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software 
(www.radicaleye.com)
' TeX output 2007.10.18:1059' -> test.ps
</usr/share/texmf-texlive/dvips/base/tex.pro>
</usr/share/texmf-texlive/dvips/base/texps.pro>
</usr/share/texmf-texlive/dvips/base/special.pro>
</home/bastien/texmf/dvips/hps.pro>.
</usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1Erreur de 
segmentation
sh-3.1$ 



> It seems dvips of dvipsk-ja causes segfault.
>
> Regards,       	  	    	  2007-10-18(Thu)



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------





Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #25 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Norbert Preining <preining@logic.at>
Cc: Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>, 447081@bugs.debian.org
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 11:08:41 +0200
[Message part 1 (text/plain, inline)]
Le jeudi 18 octobre 2007, Norbert Preining a écrit :
> > Run latex then dvips -z on the following file and dvips will segfault
> > look like a buffer overrun...
>
> I cannot confirm this:
>
> $ cat foo.tex
> \documentclass{article}
>
> \usepackage[hypertex]{hyperref}
>
> \begin{document}
>
> \href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXX
>XXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX -
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}
>
> \end{document}
> $ latex foo
> ...
> $ dvips foo
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
> (www.radicaleye.com) ' TeX output 2007.10.18:0736' -> foo.ps
> </usr/share/texmf-texlive/dvips/base/tex.pro>
> </usr/share/texmf-texlive/dvips/base/texps.pro>
> </usr/share/texmf-texlive/dvips/base/special.pro>.
> </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1]
> $
>
> No idea what has happened on your side, can you send the dvi file?

Ok send dvifile

Regards Bastien
> Best wishes
>
> Norbert
>
> ---------------------------------------------------------------------------
>---- Dr. Norbert Preining <preining@logic.at>        Vienna University of
> Technology Debian Developer <preining@debian.org>                        
> Debian TeX Group gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76 
> A9C0 D2BF 4AA3 09C5 B094
> ---------------------------------------------------------------------------
>---- TIBSHELF (n.)
> Criss-cross wooden construction hung on a wall in a teenage girl's
> bedroom which is covered with glass bambies and poodles, matching pigs
> and porcelain ponies in various postures.
> 			--- Douglas Adams, The Meaning of Liff

[test.dvi (application/x-dvi, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #30 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Cc: 447081@bugs.debian.org, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 11:10:43 +0200
Le jeudi 18 octobre 2007, Atsuhito Kohda a écrit :
> Hi all,
>
> On Thu, 18 Oct 2007 07:37:41 +0200, Norbert Preining wrote:
> > > Run latex then dvips -z on the following file and dvips will segfault
> > > look like a buffer overrun...
> >
> > I cannot confirm this:
>
> ...
>
> > $ dvips foo
> > This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
> > (www.radicaleye.com)
>
> Bastien, have you installed dvipsk-ja?

I have just installed crash like original....

Regards 

Bastien

> (Please attach an output of dvips as Norbert did then
> we can see what dvips you used.)
>
> It seems dvips of dvipsk-ja causes segfault.
>
> Regards,       	  	    	  2007-10-18(Thu)



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------

Rien n'est si dangereux qu'un ignorant ami ;
Mieux vaudrait un sage ennemi.
	-+- Jean de La Fontaine (1621-1695), 
	    L'Ours et l'Amateur des jardins (Fables VIII.10) -+-




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #35 received at 447081@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: bastien.roucaries@enseeiht.fr, 447081@bugs.debian.org
Cc: bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 22:22:24 +0900 (JST)
On Thu, 18 Oct 2007 11:10:43 +0200, Bastien ROUCARIES wrote:

> > Bastien, have you installed dvipsk-ja?
> 
> I have just installed crash like original....

Hi Basien, sorry I misled you in a wrong direction.
I suspected that dvipsk-ja could cause the segfault
so I asked you if you have installed dvipsk-ja or not
and I didn't intend to suggest you to install dvipsk-ja.

On the contrary, to install dvipsk-ja is very bad here.
Please purge dvipsk-ja.

On Thu, 18 Oct 2007 11:03:36 +0200, Bastien ROUCARIES wrote:

> Full transcript (BTW i am using testing on amd64 perhaps it is due to a 64 bit 
> issue)

I'm not sure but this could be the origin of the problem.

Regards,     	      	       2007-10-18(Thu)

-- 
 Debian Developer & Debian JP Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #40 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Cc: 447081@bugs.debian.org, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: dvips -z segfault with really long url on \href
Date: Thu, 18 Oct 2007 18:07:57 +0200
Le jeudi 18 octobre 2007, Atsuhito Kohda a écrit :
> On Thu, 18 Oct 2007 11:10:43 +0200, Bastien ROUCARIES wrote:
> > > Bastien, have you installed dvipsk-ja?
> >
> > I have just installed crash like original....
>
> Hi Basien, sorry I misled you in a wrong direction.
> I suspected that dvipsk-ja could cause the segfault
> so I asked you if you have installed dvipsk-ja or not
> and I didn't intend to suggest you to install dvipsk-ja.

I have immediatly purged it after my first test. 
Will try to compile dvips from source with -g3 and see when it crash.
It could be quite long (do not know how to build uniquely dvips)

BTW what is the C file in charge of hypertex?

> On the contrary, to install dvipsk-ja is very bad here.
> Please purge dvipsk-ja.
>
> On Thu, 18 Oct 2007 11:03:36 +0200, Bastien ROUCARIES wrote:
> > Full transcript (BTW i am using testing on amd64 perhaps it is due to a
> > 64 bit issue)
>
> I'm not sure but this could be the origin of the problem.
>
> Regards,     	      	       2007-10-18(Thu)



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------

<on_baise_pas_jesus> jayce, tu devrais pas être te  comporter  comme  ça
avec ce genre de public, tu pourrais le regretter, cincèrement 
<Jayce> on>> pourquoi ? ils vont me faire quoi hein ? je suis le fils d'
un sénateur je te le rappelle 
-- Jayce - Intouchable --




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #45 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Norbert Preining <preining@logic.at>
Cc: Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>, 447081@bugs.debian.org, Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Subject: Re: Bug#447081: Found bug solution proposed
Date: Thu, 18 Oct 2007 18:50:49 +0200
Le jeudi 18 octobre 2007, Norbert Preining a écrit :
> > Run latex then dvips -z on the following file and dvips will segfault
> > look like a buffer overrun...
>
> I cannot confirm this:
>
> $ cat foo.tex
> \documentclass{article}
>
> \usepackage[hypertex]{hyperref}
>
> \begin{document}
>
> \href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXX
>XXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX -
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}
>
> \end{document}
> $ latex foo
> ...
> $ dvips foo
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
> (www.radicaleye.com) ' TeX output 2007.10.18:0736' -> foo.ps
> </usr/share/texmf-texlive/dvips/base/tex.pro>
> </usr/share/texmf-texlive/dvips/base/texps.pro>
> </usr/share/texmf-texlive/dvips/base/special.pro>.
> </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1]
> $
>
> No idea what has happened on your side, can you send the dvi file?

Found bug do not know how to patch using debian system...

File hpc.c
---------------------------
void stamp_hps P1C(Hps_link *, pl)
{
  char tmpbuf[200] ;         /*    <------- POTENTIAL BUG HERE malloc(strlen(pl->title)+200) safer */
  if (pl == NULL) {
    error("Null pointer, oh no!") ;
    return ;
  } else {
    /* print out the proper pdfm with local page info only 
     *  target info will be in the target dictionary */
    (void)sprintf(tmpbuf, 
		  " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
		  pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
		  pl->color[0], pl->color[1], pl->color[2]) ;
    cmdout(tmpbuf) ; 
  }
  
}

/* For external URL's, we just pass them through as a string. The hyperps
 * interpreter can then do what is wants with them.
 */
void stamp_external P2C(char *, s, Hps_link *, pl) 
{
  char tmpbuf[200]; /*      BUG BUG HERE use malloc(strlen(s)+200) */
  if (pl == NULL) {
    error("Null pointer, oh no!") ;
    return ;
  } else {
    /* print out the proper pdfm with local page info only 
     *  target info will be in the target dictionary */
    (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
		  pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
		  pl->color[0], pl->color[1], pl->color[2], s) ;
    cmdout(tmpbuf) ;
  }
}

---------------------------------------------------
> Best wishes
>
> Norbert
>
> ---------------------------------------------------------------------------
>---- Dr. Norbert Preining <preining@logic.at>        Vienna University of
> Technology Debian Developer <preining@debian.org>                        
> Debian TeX Group gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76 
> A9C0 D2BF 4AA3 09C5 B094
> ---------------------------------------------------------------------------
>---- TIBSHELF (n.)
> Criss-cross wooden construction hung on a wall in a teenage girl's
> bedroom which is covered with glass bambies and poodles, matching pigs
> and porcelain ponies in various postures.
> 			--- Douglas Adams, The Meaning of Liff



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------


17:39 ou peut-on trouver des fortunes en francais ???
17:40 17:39 La banque de france ?




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #50 received at 447081@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: bastien.roucaries@enseeiht.fr, 447081@bugs.debian.org
Cc: bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: Found bug solution proposed
Date: Fri, 19 Oct 2007 14:10:52 +0900 (JST)
On Thu, 18 Oct 2007 18:50:49 +0200, Bastien ROUCARIES wrote:

> Found bug do not know how to patch using debian system...
> 
> File hpc.c

I don't know about the patch but something I noticed.

On Thu, 18 Oct 2007 11:03:36 +0200, Bastien ROUCARIES wrote:

> sh-3.1$ dvips -z test.dvi
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software 
> (www.radicaleye.com)
...
> </usr/share/texmf-texlive/dvips/base/special.pro>
> </home/bastien/texmf/dvips/hps.pro>.
> </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1Erreur de 
> segmentation

On Thu, 18 Oct 2007 07:37:41 +0200, Norbert Preining wrote:

> $ dvips foo
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software (www.radicaleye.com)
> </usr/share/texmf-texlive/dvips/base/special.pro>. 
> </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1] 

Where comes a difference with hps.pro? (it is in Bastien's
message but not in Norbert's)

Regards,			2007-10-19(Fri)

-- 
 Debian Developer & Debian JP Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #55 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, 447081@bugs.debian.org
Cc: bastien.roucaries@enseeiht.fr, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: Found bug solution proposed
Date: Fri, 19 Oct 2007 08:27:47 +0200
Dear Kohda-san,

On Fr, 19 Okt 2007, Atsuhito Kohda wrote:
> Where comes a difference with hps.pro? (it is in Bastien's
> message but not in Norbert's)

Thanks for spotting this.

Bastien, can you confirm the crash WITHOUT the hps.pro, otherwise we
cannot investigate further.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
VIRGINSTOW (n.)
A Durex machine which doesn't have the phrase 'So was the Titanic'
scrawled on it. The word has now fallen into disuse.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #60 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Norbert Preining <preining@logic.at>
Cc: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, 447081@bugs.debian.org, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: Found bug solution proposed
Date: Fri, 19 Oct 2007 11:30:08 +0200
Le vendredi 19 octobre 2007, Norbert Preining a écrit :
> Dear Kohda-san,
>
> On Fr, 19 Okt 2007, Atsuhito Kohda wrote:
> > Where comes a difference with hps.pro? (it is in Bastien's
> > message but not in Norbert's)
>
> Thanks for spotting this.
>
> Bastien, can you confirm the crash WITHOUT the hps.pro, otherwise we
> cannot investigate further.

Confirm without /home/bastien.../hps.pro (a simple copy for testing)

sh-3.1$ dvips -z test.dvi
This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software 
(www.radicaleye.com)
' TeX output 2007.10.18:1824' -> test.ps
</usr/share/texmf-texlive/dvips/base/tex.pro>
</usr/share/texmf-texlive/dvips/base/texps.pro>
</usr/share/texmf-texlive/dvips/base/special.pro>
</usr/share/texmf-texlive/dvips/base/hps.pro>.
</usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1Erreur de 
segmentation

I am quite sure that it is a bufferoverflow. I have modified hpc.c (by hand) 
but it refuse to compile due to a "conflict with debian patch system", will 
retry today.

Regards. 

Bastien


> Best wishes
>
> Norbert
>
> ---------------------------------------------------------------------------
>---- Dr. Norbert Preining <preining@logic.at>        Vienna University of
> Technology Debian Developer <preining@debian.org>                        
> Debian TeX Group gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76 
> A9C0 D2BF 4AA3 09C5 B094
> ---------------------------------------------------------------------------
>---- VIRGINSTOW (n.)
> A Durex machine which doesn't have the phrase 'So was the Titanic'
> scrawled on it. The word has now fallen into disuse.
> 			--- Douglas Adams, The Meaning of Liff



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------

Ainsi, les mises à jour de MultideskOS ne changeront RIEN !  Le  nouveau
système tournera mieux, sera plus rapide, plus stable,  comportera  plus
de commandes, mais sera exactement le même qu'avant la mise à  jour.  
-- Jayce - Tout est dans le rien, et réciproquement. --




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #65 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>, 447081@bugs.debian.org
Cc: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: Found bug solution proposed
Date: Fri, 19 Oct 2007 16:26:36 +0200
On Fr, 19 Okt 2007, Bastien ROUCARIES wrote:
> Confirm without /home/bastien.../hps.pro (a simple copy for testing)
> 
> sh-3.1$ dvips -z test.dvi
> This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software 
> (www.radicaleye.com)
> ' TeX output 2007.10.18:1824' -> test.ps
> </usr/share/texmf-texlive/dvips/base/tex.pro>
> </usr/share/texmf-texlive/dvips/base/texps.pro>
> </usr/share/texmf-texlive/dvips/base/special.pro>
> </usr/share/texmf-texlive/dvips/base/hps.pro>.
> </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1Erreur de 
> segmentation

There is still hps.pro. Furthermore please can you test without -z?

I will try this myself on my amd64 machine as soon as I am at home from
Erevan.

Bye

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
BURBAGE
The sound made by a liftful of people all trying to breathe politely
through their noses.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #70 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Norbert Preining <preining@logic.at>
Cc: 447081@bugs.debian.org, Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, bastien.roucaries+bugs@enseeiht.fr
Subject: Re: Bug#447081: Patch
Date: Fri, 19 Oct 2007 18:43:43 +0200
[Message part 1 (text/plain, inline)]
Le vendredi 19 octobre 2007, Norbert Preining a écrit :
> On Fr, 19 Okt 2007, Bastien ROUCARIES wrote:
> > Confirm without /home/bastien.../hps.pro (a simple copy for testing)
> >
> > sh-3.1$ dvips -z test.dvi
> > This is dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
> > (www.radicaleye.com)
> > ' TeX output 2007.10.18:1824' -> test.ps
> > </usr/share/texmf-texlive/dvips/base/tex.pro>
> > </usr/share/texmf-texlive/dvips/base/texps.pro>
> > </usr/share/texmf-texlive/dvips/base/special.pro>
> > </usr/share/texmf-texlive/dvips/base/hps.pro>.
> > </usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.pfb>[1Erreur de
> > segmentation
>
> There is still hps.pro. Furthermore please can you test without -z?
>
> I will try this myself on my amd64 machine as soon as I am at home from
> Erevan.

Ok with this patch dvips -z doesn't crash anymore :-)

Regards Bastien

PS: Feel free to add it, it so trivial that I give you as public domain 
code...


> Bye
>
> Norbert
>
> ---------------------------------------------------------------------------
>---- Dr. Norbert Preining <preining@logic.at>        Vienna University of
> Technology Debian Developer <preining@debian.org>                        
> Debian TeX Group gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76 
> A9C0 D2BF 4AA3 09C5 B094
> ---------------------------------------------------------------------------
>---- BURBAGE
> The sound made by a liftful of people all trying to breathe politely
> through their noses.
> 			--- Douglas Adams, The Meaning of Liff



-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------

La vérité sort de la bouche du muet.
[overflow.patch (text/x-diff, attachment)]

Tags added: patch Request was from Bastien ROUCARIES <bastien.roucaries@enseeiht.fr> to control@bugs.debian.org. (Fri, 19 Oct 2007 16:54:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #77 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: tex-live@tug.org, Karl Berry <karl@tug.org>
Cc: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>, 447081@bugs.debian.org
Subject: buffer overflow in dvips -
Date: Sun, 21 Oct 2007 13:22:19 +0200
[Message part 1 (text/plain, inline)]
Dear Karl, dear all!

Bastien Roucaries has found that dvips -z segfaults on amd64 with very
long href entries, example:

\documentclass{article}
usepackage[hypertex]{hyperref}
\href{/XXXX/XXXXXXX/XXX/XXXXX/XXXXXXXXXXXXXXX/XXXXXXX/XXXXXXXXXXXXXXXXX/XXX XXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXX XXXXX XXXXXXXXXXXXX - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}{solot}
\end{document}

This does NOT happen on i386, but I can confirm the segfault on amd64.

Bastien found a place that could be the problem:

----- Forwarded message from Bastien ROUCARIES <bastien.roucaries@enseeiht.fr> -----

[...]

> Found bug do not know how to patch using debian system...
> 
> File hpc.c
> ---------------------------
> void stamp_hps P1C(Hps_link *, pl)
> {
>   char tmpbuf[200] ;         /*    <------- POTENTIAL BUG HERE malloc(strlen(pl->title)+200) safer */
>   if (pl == NULL) {

[...]

> /* For external URL's, we just pass them through as a string. The hyperps
>  * interpreter can then do what is wants with them.
>  */
> void stamp_external P2C(char *, s, Hps_link *, pl) 
> {
>   char tmpbuf[200]; /*      BUG BUG HERE use malloc(strlen(s)+200) */
>   if (pl == NULL) {

[...]

----- End forwarded message -----


Furthermore, he created a patch for hps.c which at least on his computer
fixes the problem (I couldn't try it till now).

----- Forwarded message from Bastien ROUCARIES <bastien.roucaries@enseeiht.fr> -----

[...]

> Ok with this patch dvips -z doesn't crash anymore :-)
> 
> Regards Bastien
> 
> PS: Feel free to add it, it so trivial that I give you as public domain 
> code...

----- End forwarded message -----

I attach this patch. 


Could you or anyone else please take a look at this, give your comments
(please leave the Cc on list, especially the Debian bug report).

Thanks a lot and all the best

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TIDPIT (n.)
The corner of a toenail from which satisfying little black deposits
may be sprung.
			--- Douglas Adams, The Meaning of Liff
[overflow.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #82 received at 447081@bugs.debian.org (full text, mbox):

From: karl@freefriends.org (Karl Berry)
To: preining@logic.at
Cc: tex-live@tug.org, bastien.roucaries@enseeiht.fr, 447081@bugs.debian.org
Subject: Re: [tex-live] buffer overflow in dvips -
Date: Sun, 21 Oct 2007 19:44:07 -0500
    Could you or anyone else please take a look at this, give your comments
    (please leave the Cc on list, especially the Debian bug report).

Well, it is certainly a good thing to avoid the fixed-length buffer.
I applied the patch, modulo error message wording.

Thanks!

Karl




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #87 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Karl Berry <karl@freefriends.org>
Cc: tex-live@tug.org, bastien.roucaries@enseeiht.fr, 447081@bugs.debian.org
Subject: Re: [tex-live] buffer overflow in dvips -
Date: Mon, 22 Oct 2007 07:21:31 +0200
On So, 21 Okt 2007, Karl Berry wrote:
> I applied the patch, modulo error message wording.

Thanks Karl, I will put the patch into the Debian packages, too.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
BALLYCUMBER
One of the six half-read books lying somewhere in your bed.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #92 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: Norbert Preining <preining@logic.at>
Cc: Karl Berry <karl@tug.org>, 447081@bugs.debian.org
Subject: Re: buffer overflow in dvips -
Date: Wed, 24 Oct 2007 19:04:08 +0200
Le dimanche 21 octobre 2007, Norbert Preining a écrit :
> Dear Karl, dear all!
>
> Bastien Roucaries has found that dvips -z segfaults on amd64 with very
> long href entries, example:

Thank you very much for your support. Could be posssible to get the patch 
ASAP?

Regards

bastien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #97 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
Cc: Karl Berry <karl@tug.org>, 447081@bugs.debian.org
Subject: Re: buffer overflow in dvips -
Date: Wed, 24 Oct 2007 19:08:26 +0200
On Mi, 24 Okt 2007, Bastien ROUCARIES wrote:
> > Bastien Roucaries has found that dvips -z segfaults on amd64 with very
> > long href entries, example:
> 
> Thank you very much for your support. Could be posssible to get the patch 
> ASAP?

The next packages for Debian will ship dvips with this patch. I am
currently testing them.

BUT: It will take NEW processing since there are other changes
introducing new packages ...

If you need a fixed binary for i386 I can send you one.


Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
CLABBY (adj.)
A 'clabby' conversation is one stuck up by a commissionaire or
cleaning lady in order to avoid any further actual work. The opening
gambit is usually designed to provoke the maximum confusion, and
therefore the longest possible clabby conversation. It is vitally
important to learn the correct, or 'clixby' (q.v.), responses to a
clabby gambit, and not to get trapped by a 'ditherington' (q.v.). For
instance, if confronted with a clabby gambit such as 'Oh, mr Smith, I
didn't know you'd had your leg off', the ditherington response is 'I
haven't....' whereas the clixby is 'good.'
			--- Douglas Adams, The Meaning of Liff




Tags added: pending Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Sat, 27 Oct 2007 12:09:12 GMT) Full text and rfc822 format available.

Reply sent to Norbert Preining <preining@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bastien ROUCARIES <bastien.roucaries+bugs@enseeiht.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #104 received at 447081-close@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@debian.org>
To: 447081-close@bugs.debian.org
Subject: Bug#447081: fixed in texlive-bin 2007.dfsg.1-1
Date: Fri, 02 Nov 2007 19:37:00 +0000
Source: texlive-bin
Source-Version: 2007.dfsg.1-1

We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:

libkpathsea-dev_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-1_i386.deb
libkpathsea4_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-1_i386.deb
texlive-base-bin-doc_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-1_i386.deb
texlive-base-bin_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-1_i386.deb
texlive-bin_2007.dfsg.1-1.diff.gz
  to pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-1.diff.gz
texlive-bin_2007.dfsg.1-1.dsc
  to pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-1.dsc
texlive-bin_2007.dfsg.1.orig.tar.gz
  to pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1.orig.tar.gz
texlive-extra-utils_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-1_i386.deb
texlive-font-utils_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-1_i386.deb
texlive-lang-indic_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-1_i386.deb
texlive-metapost-doc_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-1_i386.deb
texlive-metapost_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-metapost_2007.dfsg.1-1_i386.deb
texlive-music_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-music_2007.dfsg.1-1_i386.deb
texlive-omega_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-omega_2007.dfsg.1-1_i386.deb
texlive-xetex_2007.dfsg.1-1_i386.deb
  to pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 447081@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 22 Oct 2007 07:35:16 +0200
Source: texlive-bin
Binary: texlive-metapost-doc texlive-extra-utils libkpathsea-dev libkpathsea4 texlive-xetex texlive-lang-indic texlive-omega texlive-font-utils texlive-base-bin-doc texlive-metapost texlive-base-bin texlive-music
Architecture: source i386
Version: 2007.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description: 
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea4 - TeX Live: path search library for TeX (runtime part)
 texlive-base-bin - TeX Live: Essential binaries
 texlive-base-bin-doc - TeX Live: Documentation files for texlive-base-bin
 texlive-extra-utils - TeX Live: TeX auxiliary programs
 texlive-font-utils - TeX Live: TeX font-related programs
 texlive-lang-indic - TeX Live: Indic
 texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
 texlive-metapost-doc - TeX Live: Documentation files for texlive-metapost
 texlive-music - TeX Live: Music typesetting
 texlive-omega - TeX Live: Omega
 texlive-xetex - TeX Live: XeTeX macros
Closes: 434891 436965 441605 447081
Changes: 
 texlive-bin (2007.dfsg.1-1) unstable; urgency=low
 .
   * disable pdftex character shifting (option G) in config.pdf
     (Closes: #434891)
   * rebuild new orig.tar.gz necessary to blacklist latexmp completely
     (Closes: #436965)
   * add patch gcc43-compile-fix to compilation of teckit with newer
     gcc compilers (Closes: #441605) (patch taken from 007-12ubuntu3,
     thanks Matthias Klose)
   * implement doc splitting, so that we can build separate -doc packages
     for every collection we want to [np]
     splitting is done for: metapost, base-bin
   * fix segfault of dvips -z on amd64 (patch applied upstream), thanks to
     Bastien Roucaries for finding and providing a patch (Closes: #447081)
Files: 
 59af413a81c5bc3e5568a708efb9b40d 1215 tex optional texlive-bin_2007.dfsg.1-1.dsc
 8c96d9dee6574a23f35982a60f75a8e9 70262321 tex optional texlive-bin_2007.dfsg.1.orig.tar.gz
 e7c57bfe63a631d3abae228c470c0b55 223550 tex optional texlive-bin_2007.dfsg.1-1.diff.gz
 d37c26d5bba901d918785ae645c6de14 2377744 tex optional texlive-base-bin_2007.dfsg.1-1_i386.deb
 84d655a10781e8ce3b415461ab8b13da 570762 tex optional texlive-extra-utils_2007.dfsg.1-1_i386.deb
 46d01ea2633edca2d74554e00e5e307f 960532 tex optional texlive-font-utils_2007.dfsg.1-1_i386.deb
 c088bebf884b53ca1cec784e1560a281 559604 tex optional texlive-metapost_2007.dfsg.1-1_i386.deb
 542d5a855d7962d47aead87d4654013b 2667720 tex optional texlive-omega_2007.dfsg.1-1_i386.deb
 250d3ab689f35b316e5377a1dcf7e7de 6362940 tex optional texlive-xetex_2007.dfsg.1-1_i386.deb
 873472829e6169b4fe7fcff498e73ed3 1714674 tex optional texlive-music_2007.dfsg.1-1_i386.deb
 d2a77fe71077de8e00abb242fbf66d1b 6700408 tex optional texlive-lang-indic_2007.dfsg.1-1_i386.deb
 5aad7378e35e60d839ff67967122fa0d 112408 libs optional libkpathsea4_2007.dfsg.1-1_i386.deb
 4a6c97b6dde5efdd21b780ba27dae8c1 149450 libdevel optional libkpathsea-dev_2007.dfsg.1-1_i386.deb
 43402be937b54f7ffbcf855dcfc2fd98 6792240 doc optional texlive-metapost-doc_2007.dfsg.1-1_i386.deb
 acf1907a581bafc09f82704c9b1da039 8602070 doc optional texlive-base-bin-doc_2007.dfsg.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHIEF/0r9KownFsJQRAobJAJ9oa7JYMf3fDDojaIbrdGT9udITwQCdEOuD
jrcx1RzFLQOFdkegrDoGcT0=
=b4EM
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #109 received at 447081@bugs.debian.org (full text, mbox):

From: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
To: 447081@bugs.debian.org
Subject: This bug has a CVE
Date: Wed, 26 Dec 2007 15:42:41 +0100
Bug was assigned CVE-2007-5935

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
-- 

"ROUCARIES Bastien"
                                                 bastien.roucaries@enseeiht.fr
-------------------------------------------------------------------------------


13:45 bon y'a plus personne !!
13:46 si, y a moi !
13:57 ya moi aussi, perdu sur le net
13:59 13:57 salut, donc on est 3 sur la tribune.
14:00 [Da Plop bot] 13:42 Plop !
14:01 ça va bien, on est 4 avec le bot :o)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #114 received at 447081@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>, 447081@bugs.debian.org
Subject: Re: Bug#447081: This bug has a CVE
Date: Wed, 26 Dec 2007 16:41:57 +0100
[Message part 1 (text/plain, inline)]
Hi Bastien,
* Bastien ROUCARIES <bastien.roucaries@enseeiht.fr> [2007-12-26 16:24]:
> Bug was assigned CVE-2007-5935
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935

It was already tracked with this id:
http://security-tracker.debian.net/tracker/CVE-2007-5935
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #119 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>, 447081@bugs.debian.org
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 00:26:12 +0100
On Mi, 26 Dez 2007, Bastien ROUCARIES wrote:
> Bug was assigned CVE-2007-5935
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935

Yes? And?

The CVE number was assigned on 20071113 as far as I see, while the
texlive-bin packages fixing that were released already on 20071102

so what do you want to tell me with that?

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TULSA (n.)
A slurp of beer which has accidentally gone down your shirt collar.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #124 received at 447081@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Norbert Preining <preining@logic.at>, 447081@bugs.debian.org
Cc: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 09:58:48 +0100
On 27.12.07 Norbert Preining (preining@logic.at) wrote:
> On Mi, 26 Dez 2007, Bastien ROUCARIES wrote:

Hi,

> > Bug was assigned CVE-2007-5935
> > 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> 
> Yes? And?
> 
> The CVE number was assigned on 20071113 as far as I see, while the
> texlive-bin packages fixing that were released already on 20071102
> 
> so what do you want to tell me with that?
> 
...that we should list the CVE number in debian/changelog?

H.
-- 
sigmentation fault




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #129 received at 447081@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>, 447081@bugs.debian.org
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 10:06:40 +0100
On 26.12.07 Bastien ROUCARIES (bastien.roucaries@enseeiht.fr) wrote:

Hi,

> Bug was assigned CVE-2007-5935
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> 
just noticed that Norbert put that # into the changelog:

  * fix segfault of dvips -z on amd64 (patch applied upstream),
    thanks to Bastien Roucaries for finding and providing a patch
    (Closes: #447081)

It seems that entry is not yet mentioned in the official package, but
it is in the SVN.

H.
-- 
sigmentation fault




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #134 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Hilmar Preusse <hille42@web.de>, 447081@bugs.debian.org
Cc: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 17:18:35 +0100
On Do, 27 Dez 2007, Hilmar Preusse wrote:
> > Bug was assigned CVE-2007-5935
> > 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> > 
> just noticed that Norbert put that # into the changelog:
> 
>   * fix segfault of dvips -z on amd64 (patch applied upstream),
>     thanks to Bastien Roucaries for finding and providing a patch
>     (Closes: #447081)
> 
> It seems that entry is not yet mentioned in the official package, but
> it is in the SVN.

??? how ??? that fix went into texlive-bin (2007.dfsg.1-1) which was
released on 2007-11-1. There the bug number was already mentioned, see
commit 3122, or the diff to the prev version of changelog:
http://svn.debian.org/viewsvn/debian-tex/texlive-new/trunk/texlive-bin/debian/changelog?rev=3122&r1=3110&r2=3122

The only thing what I did *afterwards* was do add the CVE number. The
Debian bug number was mentioned.

Could it be that you take a look at the SECURITY package? The
2007-14.lenny1 or something?

Right, that was release from the security team due to the prolonged
libpoppler transition (finally done!). The fix was long there in sid but
couldn't enter testing, so the made a quick fix including only this bug
fix.

No, I see nothing to do. The current svn code contains the CVE and the
bug report number. The CVE was assigned AFTER the fixed packages were
released, so I couldn't add them.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
There are of course many problems connected with life, of
which some of the most popular are `Why are people born?'
Why do they spend so much of the
intervening time wearing digital watches?'
                 --- The Book.
                 --- Douglas Adams, The Hitchhikers Guide to the Galaxy




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #139 received at 447081@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Hilmar Preusse <hille42@web.de>, 447081@bugs.debian.org
Cc: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 17:19:43 +0100
On Do, 27 Dez 2007, Hilmar Preusse wrote:
> ...that we should list the CVE number in debian/changelog?

It is in the svn code ... but no release since then!

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
Queasy but umbowed. The kind of feeling one gets when discovering a
plastic compartment in a fridge in which thing are growing.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#447081; Package texlive-base-bin. Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. Full text and rfc822 format available.

Message #144 received at 447081@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Norbert Preining <preining@logic.at>, 447081@bugs.debian.org
Cc: Bastien ROUCARIES <bastien.roucaries@enseeiht.fr>
Subject: Re: Bug#447081: This bug has a CVE
Date: Thu, 27 Dec 2007 19:15:02 +0100
On 27.12.07 Norbert Preining (preining@logic.at) wrote:
> On Do, 27 Dez 2007, Hilmar Preusse wrote:

Hi,

> > > Bug was assigned CVE-2007-5935
> > > 
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> > > 
> > just noticed that Norbert put that # into the changelog:
> > 
> >   * fix segfault of dvips -z on amd64 (patch applied upstream),
> >     thanks to Bastien Roucaries for finding and providing a patch
> >     (Closes: #447081)
> > 
> > It seems that entry is not yet mentioned in the official package, but
> > it is in the SVN.
> 
> ??? how ??? that fix went into texlive-bin (2007.dfsg.1-1) which was
> released on 2007-11-1. There the bug number was already mentioned, see
> commit 3122, or the diff to the prev version of changelog:
> http://svn.debian.org/viewsvn/debian-tex/texlive-new/trunk/texlive-bin/debian/changelog?rev=3122&r1=3110&r2=3122
> 
> The only thing what I did *afterwards* was do add the CVE number.
> The Debian bug number was mentioned.
> 
Exactly: you can't list a CVE number if there isn't assigned one yet.
So, what you did is fine. I'm sorry for the confusion!

H.
-- 
sigmentation fault




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 25 Jan 2008 07:34:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 05:03:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.