Re: xpdf vulnerability?
On Fri, Mar 18, 2005 at 09:38:14AM +0100, Hilmar Preusse wrote:
> As thex extension to CAN-2004-0888 (CAN-2005-0206) came in after the
> latest tetex-bin upload we can't have the fix in sarge. I'll file a
> bug against tetex-bin and I guess Frank will upload ASAP. I'll check
> the woody version too.
I'm a bit confused.
We have the 2005-0206 fix in Xpdf 3.00-10 (last November).
However it's marked as being a followup to for 2004-0889, not -0888.
The Xpdf changelog mentions 0889, but not 0888. I'm no longer sure which
patch is which.
It looks like we are missing part of 2005-0064. I am about to upload
that change (upstream patch 3.00pl3).
I was tempted to revert all the security patches and apply upstream's
versions, but I'm not sure that all the changes are there. Especially as
I don't know how 0888 and 0889 differ.
Hamish Moffatt VK3SB <firstname.lastname@example.org> <email@example.com>