Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
On 27.01.06 Martin Pitt (mpitt@debian.org) wrote:
> Hilmar Preusse [2006-01-27 9:56 +0100]:
Hi,
> > So, what is that now?
> >
> > - a security leak, which must be fixed
> > - rather an inconvenience, which should be fixed?
>
> For CUPS it was a real DoS which must be fixed, but for tetex-bin
> it's just an inconvenience; there will be few systems which
> automatically process untrusted LaTeX documents with PDF files sent
> by remote attackers.
>
So, the last hunk seems not to exist in cupsys_1.1.14-5woody14.
Should we submit a bug against it?
Further I suggest to close the bug now or at least downgrade it to
important and close it as soon as the support for woody has ended.
Regards,
Hilmar
--
sigmentation fault
Attachment:
pgp3pq5bmCRkR.pgp
Description: PGP signature
Reply to:
- References:
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
- From: Martin Pitt <martin.pitt@ubuntu.com>
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
- From: Hilmar Preusse <hille42@web.de>
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
- From: Martin Pitt <mpitt@debian.org>
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
- From: Hilmar Preusse <hille42@web.de>
- Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
- From: Martin Pitt <mpitt@debian.org>