CVE-2007-5936

Publication date 13 November 2007

Last updated 24 July 2024

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tetex-bin	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Fixed 3.0-27ubuntu1.2
	6.10 edgy	Fixed 3.0-17ubuntu2.1
	6.06 LTS dapper	Fixed 3.0-13ubuntu6.1
texlive-bin	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 2007-12ubuntu3.1
	7.04 feisty	Ignored
	6.10 edgy	Ignored
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

fixed with Debian's dviljk-security-fixes

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-554-1
teTeX and TeX Live vulnerabilities
6 December 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-5936