Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

To: Debian BTS Submit <submit@bugs.debian.org>
Cc: security@debian.org
Subject: Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Thu, 5 Jan 2006 15:14:26 +0100
Message-id: <[🔎] 20060105141426.GF5210@piware.de>
Reply-to: Martin Pitt <martin.pitt@ubuntu.com>, 346086@bugs.debian.org

Package: tetex-bin
Version: 2.0.2-30
Severity: critical
Tags: security patch

Hi!

Chris Evans found some more integer overflows in the xpdf code [1] which affect
tetex-bin as well. [1] also has demo exploit PDFs for patch checking.

See [2] for the Ubuntu debdiff. 

This only affects sarge (and woody); luckily sid is finally cured
forever due to poppler, so please mark this bug as fixed in sid.

Thanks,

Martin

[1] http://scary.beasts.org/security/b0dfca810501f2da/CESA-2005-003.txt
[2] http://patches.ubuntu.com/patches/tetex-bin.CVE-2005-3624_5_7.diff

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
  - From: Hilmar Preusse <hille42@web.de>

Prev by Date: Bug#344790: [Micha Feigin] Re: Bug#344790: hyperref: off by 1 error with pdf bookmarks and tocdepth
Next by Date: Debian and texdoc
Previous by thread: Re: Bug#344790: [Micha Feigin] Re: Bug#344790: hyperref: off by 1 error with pdf bookmarks and tocdepth
Next by thread: Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
Index(es):
- Date
- Thread