Bug#639645: opu: package xpdf/3.02-1.4+lenny4

To: Michael Gilbert <michael.s.gilbert@gmail.com>, 639645@bugs.debian.org
Subject: Bug#639645: opu: package xpdf/3.02-1.4+lenny4
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 15 Jan 2012 17:21:03 +0000
Message-id: <[🔎] 1326648063.29770.113.camel@jacala.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 639645@bugs.debian.org
In-reply-to: <20110917145001.59c8a09c2488f2de79d34994@gmail.com>
References: <20110917145001.59c8a09c2488f2de79d34994@gmail.com>

On Sat, 2011-09-17 at 14:50 -0400, Michael Gilbert wrote:
> I've decided that it's too risky to disable t1lib in lenny as the
> version of freetype there has some known issues.
> 
> Attached is a new debdiff for this proposed-update.

+xpdf (3.02-1.4+lenny4) oldstable-proposed-updates; urgency=low
+
+  * Fix cve-2011-2902: insecure tempfile usage in zxpdf.
+  * Add NEWS.Debian with information about a set of unfixed t1lib issues
+    (cve-2011-0764, cve-2011-1552, cve-2011-1553, and cve-2011-1554).

DSA 2388 appears to have resolved all of those issues, so I guess we
could look at an update containing just the insecure tempfile change?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#639645: opu: package xpdf/3.02-1.4+lenny4
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: Bug#655179: pastebinit does not read .conf files from ~/.pastebin.d/ directory
Next by Date: Bug#623148: pu: package webkit/1.2.7-0+squeeze2
Previous by thread: Bug#655978: queue-viewer: automatically run check-ia32-libs
Next by thread: Bug#639645: opu: package xpdf/3.02-1.4+lenny4
Index(es):
- Date
- Thread