Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125

To: 286984@bugs.debian.org
Subject: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
From: Martin Pitt <mpitt@debian.org>
Date: Thu, 23 Dec 2004 17:28:49 +0100
Message-id: <[🔎] 20041223162849.GA711@box79162.elkhouse.de>
Reply-to: Martin Pitt <mpitt@debian.org>, 286984@bugs.debian.org
In-reply-to: <[🔎] 20041223143700.GA1900@preusse>
References: <[🔎] 20041223125400.GA31076@box79162.elkhouse.de> <[🔎] 20041223143700.GA1900@preusse>

Hi Hilmar!

Hilmar Preusse [2004-12-23 15:37 +0100]:
> > You can get the Ubuntu security update patch from
> > 
> >   http://patches.ubuntu.com/patches/tetex-bin.CAN-2004-1125.diff
> > 
> , which is not much more than
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch + the Debian/Ubuntu
> specific stuff. 

Right; to the contrary, it is even a bit shorter than the original
patch. I included it more or less only for the sake of completeness
:-)

> The original report e.g. on
> http://www.auscert.org.au/render.html?it=4651 .
> 
> Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> vulnerable code. I guess there will be another tetex for stable soon.

I did not look into that. If stable is affected, too, then can you
please keep track of the release tags?

Merry Christmas!

Martin

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
  - From: Martin Pitt <mpitt@debian.org>
- Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
  - From: Hilmar Preusse <hille42@web.de>

Prev by Date: Re: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Next by Date: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Previous by thread: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Next by thread: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Index(es):
- Date
- Thread