Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution

To: Raymond Wood <raywood@magma.ca>
Cc: debian-security@lists.debian.org, team@security.debian.org
Subject: Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 7 Jan 2003 14:09:57 -0500
Message-id: <[🔎] 20030107190957.GJ24744@mizar.alcor.net>
Mail-followup-to: Raymond Wood <raywood@magma.ca>, debian-security@lists.debian.org, team@security.debian.org
In-reply-to: <[🔎] 20030107155658.GA6800@magma.ca>
References: <m18Va1Y-000oeDC@finlandia.Infodrom.North.DE> <[🔎] 20030107155658.GA6800@magma.ca>

On Tue, Jan 07, 2003 at 10:56:58AM -0500, Raymond Wood wrote:

> > We recommend that you upgrade your xpdf package.
> [snip]
> 
> Does anyone know if the 'xpdf-i' is affected by this also, or
> not?

xpdf-i in woody is a dummy package, as the standard xpdf package now
implements the same functionality.  However, xpdf-i 0.90-8 in potato likely
_is_ affected by this vulnerability and needs to be fixed.  I'll investigate
this shortly.

-- 
 - mdz

Reply to:

References:
- Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
  - From: Raymond Wood <raywood@magma.ca>

Prev by Date: Re: FW: Updated OPENSSL package for Debian?
Next by Date: Re: FW: Updated OPENSSL package for Debian?
Previous by thread: Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
Next by thread: TCP port 6352?
Index(es):
- Date
- Thread