[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New xpdf vulnerabilities related to CAN-2004-0888

Frank Küster <frank@debian.org> wrote:

> As I said before, I don't know much about C, and I wouldn't trust myself
> in adapting the code in the new patch to Joey's way to write it.  At
> least I would need some guidance on how to do it. 

I have not received any help so far. I am aware that you have been busy
with an unusually high number of security problems in the last couple of
days, and that the xpdf vulnerability might not be the most important
one. But still I feel uncomfortable with doing nothing about it, but I
think I cannot do anything useful currently, without some guidance by
someone more experienced in C++.

I also wonder why it seems that the question of compilier-optimization
(whether the published fixes are really dangerous, because gcc might
optimize the checks away) is not discussed?

Regards, Frank

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: