
Re: xpdf code security, removal of pdftohtml



Frederic Peters wrote:
> Hello,
> 
> xpdf has a long history of security problems, and got its code
> duplicated in a lot of packages.  All of this has to be tracked
> by the security team and this is a serious burden.
> 
> As Moritz wrote:
> 
>>> the whole xpdf mess is just insane: There's another massive round
>>> of security issues being found and it's certainly not the last.
>>> I won't spend another 2-3 days for each maintenance round of this
>>> junk, so we need to cut down the maintenance overhead now:
> 
> 
> I am the maintainer of pdftohtml, it embeds code from xpdf, and can be
> replaced by pdftohtml from poppler-utils; this has been the case in sid
> for months (package got removed from sid/lenny in June) and nobody
> complained about compatibility problems using the new poppler code.
> 
> 
> We failed to manage the transition before Etch went out but it would
> be appreciated to do it for a point release; Moritz wrote:
> 
>>> I don't remember why we didn't make the transition to poppler-utils
>>> inside Etch in time, but we need to do it now in a point update.
> 
> There is a pdftohtml package converted to be a transitional package
> available at http://people.debian.org/~fpeters/pdftohtml/, interdiff
> is attached to this message.  It adds a NEWS file explaining the
> situation.
> 
> Could this issue be considered by the release team?

Please upload.

Cheers

Luk

