The long awaited update:
- lots of updates to current packages
- lots of bugfixes
- lots of new packages
- cleanup of licenses, it's all free now (GPL, LPPL, ...)
see ${PREFIX}/share/texmf/ChangeLog for details
This release mainly fixes a very bad bug where configuring LyX
as root (never recomended) could lead to deleting the /dev/null
special device.
Also a bug where LyX would create zombie processes has been
fixed.
More details in http://www.lyx.org/announce/1_2_3.txt
brad@ ok
submitted by Sebastian Stark <seb@todesplanet.de>
Prosper is a LaTeX class for writing transparencies. It is written on
top of the seminar class by Timothy Van Zandt. It aims at offering an
environment for easily creating slides for both presentations with an
overhead projector and a video projector. Slides prepared for a
presentation with a computer and a video projector may integrate
animation effects, incremental display, and such.
pvalchev@ OK
Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier.
Under this vulnerability, an attacker can create a carefully crafted,
malformed PDF or PostScript file that, when viewed using gv, executes
arbitrary commands on the system.
http://marc.theaimsgroup.com/?l=bugtraq&m=103428425111983&w=2
When GV detects that the document is either a PDF file or a
GZip compressed file, it executes some commands with the help of the
system() function. Unfortunately, these commands contain the
filename, which can be considered as untrusted user input. It is then
possible to distribute a file (with a meticulously chosen filename,
that even seems innocent) that causes execution of arbitrary
shell commands when it is read with GV.
http://www.epita.fr/~bevand_m/asa/asa-0000
