Re: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution

To: debian-security@lists.debian.org
Cc: developers-l@lists.adamantix.org, frank@debian.org
Subject: Re: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
From: Torge Szczepanek <debian-security@szczepanek.de>
Date: Sun, 28 Nov 2004 11:27:57 +0100
Message-id: <1101637677.4010.11.camel@cygnus.maus.net>
In-reply-to: <m1CXKv2-000okHC@finlandia.Infodrom.North.DE>
References: <m1CXKv2-000okHC@finlandia.Infodrom.North.DE>

Am Donnerstag, den 25.11.2004, 15:48 +0100 schrieb Martin Schulze:

> For the unstable distribution (sid) these problems have been fixed in
> version 2.0.2-23.

It seems that this currently has not been fixed in the mentioned
version.

After reviewing differences between 2.0.2-14.1 (Adamantix Package, based
on 2.0.2-14 Debian Package) and 2.0.2-23 I find:

diff -uNr debian/tetex-bin-2.0.2/libs/xpdf  new/tetex-
bin-2.0.2/libs/xpdf

szczepan@cygnus:~$ head -1 debian/tetex-bin-2.0.2/debian/changelog
tetex-bin (2.0.2-23) unstable; urgency=high
szczepan@cygnus:~$ head -1 new/tetex-bin-2.0.2/debian/changelog
tetex-bin (2.0.2-14.1) testing; urgency=medium

Wenn looking into the code I found out that there were done no changes
in the libs/xpdf code between 2.0.2-14.1 and 2.0.2-23 as mentioned in:

http://lists.debian.org/debian-tetex-maint/2004/11/msg00006.html

-- 
Torge Szczepanek <debian-security@szczepanek.de>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
  - From: Frank Küster <frank@debian.org>
- Re: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
  - From: Frank Küster <frank@debian.org>

Prev by Date: Re: bad md5's on ftp.us.debian.org ?
Next by Date: Re: murphy in sbl.spamhaus.org
Previous by thread: Re: Serious problem after tetex security update
Next by thread: Re: [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
Index(es):
- Date
- Thread