Index: trunk/server/common/patches/texlive-CVE-2010-1440.patch
===================================================================
--- trunk/server/common/patches/texlive-CVE-2010-1440.patch	(revision 1557)
+++ trunk/server/common/patches/texlive-CVE-2010-1440.patch	(revision 1557)
@@ -0,0 +1,28 @@
+--- tetex-src-3.0/texk/dvipsk/dospecial.c.orig	2010-04-29 10:25:30.000000000 -0400
++++ tetex-src-3.0/texk/dvipsk/dospecial.c	2010-04-29 10:30:10.000000000 -0400
+@@ -305,7 +305,11 @@ void predospecial P2C(integer, numbytes,
+    int j ;
+    static int omega_specials = 0;
+ 
+-   if (nextstring + numbytes > maxstring) {
++   if (numbytes < 0 || numbytes > maxstring - nextstring) {
++      if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2 ) {
++         error("! Integer overflow in predospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
+       maxstring = nextstring + 2 * numbytes + 700 ;
+    }
+@@ -828,7 +832,11 @@ float *bbdospecial P1C(int, nbytes)
+    char seen[NKEYS] ;
+    float valseen[NKEYS] ;
+ 
+-   if (nextstring + nbytes > maxstring) {
++   if (nbytes < 0 || nbytes > maxstring - nextstring) {
++      if (nbytes < 0 || nbytes > (INT_MAX - 1000) / 2 ) {
++         error("! Integer overflow in bbdospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * nbytes) ;
+       maxstring = nextstring + 2 * nbytes + 700 ;
+    }