Hi Hilmar!

Hilmar Preusse [2006-01-27 9:56 +0100]:
> > This is precisely the fix that is required to avoid endless loops
> > with prematurely ending PDF files (CVE-2005-3625). So it is not
> > exploitable to execute any code or something, but it's still a
> > nasty DoS, particularly in Cups. So I would prefer to apply it,
> > especially since it's such an easy and straightforward change.
> >
> So, what is that now?
>
> - a security leak, which must be fixed
> - rather an inconvenience, which should be fixed?

For CUPS it was a real DoS which must be fixed, but for tetex-bin it's
just an inconvenience; there will be few systems which automatically
process untrusted LaTeX documents with PDF files sent by remote
attackers.

> Does that bug deserve still the severity critical? If not I propose
> to lower the severity to important, keep that bug open until the
> support for oldstable has ended and close the bug then. For now I
> mark that bug as not found in 2.0.2-30sarge4 and found in
> 1.0.7+20011202-7.7 .

Works for me.

Thanks,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?