On Tue, May 12, 2009 at 03:18:15PM +0200, Andrea IACOVITTI wrote: > looking at the security patch > "debian/fix-CVE-2009-0146,0147,0165,0166,0799,0800,1179-1183.diff", I > discovered the patch contains a diff for file > kdegraphics-3.5.9.new/kpdf/xpdf/xpdf/JBIG2Stream.cc.rej , is the > patch clean anyway ? Hello. Yes, the patch is OK. Sorry for leaving clutter in it, though. When preparing the update, I based my work on the xpdf patches, but they were against a different xpdf version than the one that's used in kpdf and didn't apply cleanly. I manually ported the patch to the xpdf version used by kpdf, but apparently didn't clean up after the earlier work. The patched kpdf version has been tested against a set of pdf files known to trigger the problems in the vulnerable versions. noah
Attachment:
signature.asc
Description: Digital signature