[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639645: opu: package xpdf/3.02-1.4+lenny4

On Sun, Jan 15, 2012 at 12:21 PM, Adam D. Barratt wrote:
> On Sat, 2011-09-17 at 14:50 -0400, Michael Gilbert wrote:
>> I've decided that it's too risky to disable t1lib in lenny as the
>> version of freetype there has some known issues.
>> Attached is a new debdiff for this proposed-update.
> +xpdf (3.02-1.4+lenny4) oldstable-proposed-updates; urgency=low
> +
> +  * Fix cve-2011-2902: insecure tempfile usage in zxpdf.
> +  * Add NEWS.Debian with information about a set of unfixed t1lib issues
> +    (cve-2011-0764, cve-2011-1552, cve-2011-1553, and cve-2011-1554).
> DSA 2388 appears to have resolved all of those issues, so I guess we
> could look at an update containing just the insecure tempfile change?

Yes, that's correct.  I'll ready a new package.

Best wishes,

Reply to: