{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0453",
  "published": "2015-11-19T22:08:19Z",
  "modified": "2015-11-19T21:46:06Z",
  "summary": "Updated latex2rtf packages fix security vulnerability",
  "details": "A format string vulnerability was found in CmdKeywords function when\nprocessing \\keywords command in tex file. When the user runs latex2rtf\nwith malicious crafted tex file, an attacker can execute arbitrary code.\nThe variable 'keywords' in the function CmdKeywords may hold a malicious\ninput string, which can be used as a format argument of vsnprintf\n(CVE-2015-8106).\n",
  "upstream": [
    "CVE-2015-8106"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0453.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17164"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/11/16/3"
    },
    {
      "type": "ADVISORY",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8106"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "latex2rtf",
        "purl": "pkg:rpm/mageia/latex2rtf?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.8-3.1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}