Bug#355122: missing hunk in latest security patch?

To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: Debian-teTeX-maint <debian-tetex-maint@lists.debian.org>
Subject: Bug#355122: missing hunk in latest security patch?
From: Hilmar Preusse <hille42@web.de>
Date: Fri, 3 Mar 2006 14:52:40 +0100
Message-id: <[🔎] 20060303135239.GA2444@preusse>
Mail-followup-to: Debian Bug Tracking System <submit@bugs.debian.org>, Debian-teTeX-maint <debian-tetex-maint@lists.debian.org>
Reply-to: Hilmar Preusse <hille42@web.de>, 355122@bugs.debian.org

Package: cupsys
Version: 1.1.14-5woody14
Severity: important
Tags: woody security

Hi,

This is a spin off from #346086. The bug is fixed in teTeX
2.0.2-30sarge4. Further the bug is fixed in the woody version except
the last hunk, which seems to be missing.
I've asked the submitter if one really needs that hunk and got the
answer that the missing hunk could make xpdf hang. He further said:

"This is precisely the fix that is required to avoid endless loops
with prematurely ending PDF files (CVE-2005-3625). So it is not
exploitable to execute any code or something, but it's still a nasty
DoS, particularly in Cups."

Please check if one really needs it in the xpdf version of woody
(1.0) and if yes apply it.
For further informations please refer to the bug quoted above.

Regards,
  Hilmar
-- 
sigmentation fault

Reply to:

Prev by Date: Processed: wrong package
Next by Date: Review of PPD File Structure Specification
Previous by thread: Processed: wrong package
Next by thread: Review of PPD File Structure Specification
Index(es):
- Date
- Thread