Re: xpdf vulnerability?

To: debian-tetex-maint <debian-tetex-maint@lists.debian.org>
Cc: "xpdf@packages.debian.org.pdftohtml"@packages.debian.org, debian-security@lists.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: xpdf vulnerability?
From: Frank Küster <frank@debian.org>
Date: Wed, 16 Mar 2005 15:29:14 +0100
Message-id: <[🔎] 87ll8nwtol.fsf@alhambra.kuesterei.ch>
In-reply-to: <[🔎] 874qfcc7ug.fsf@alhambra.kuesterei.ch> ( Frank Küster's message of "Wed, 16 Mar 2005 09:28:55 +0100")
References: <[🔎] 20050316040149.GD9731@riseup.net> <[🔎] 874qfcc7ug.fsf@alhambra.kuesterei.ch>

Frank Küster <frank@debian.org> wrote:

> Micah Anderson <micah@debian.org> wrote:
>
>> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
>
> This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> and perhaps others that include xpdf code.

Can anybody point me to a place where I can find the patch for the
64-bit-specific issue?  The CVE only lists the RedHat and Mandrake
security announcements, but I don't know how to get those source-rpm's.
I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the
right one, tetex-bin in sarge/unstable is vulnerable.  In woody the code
looks very different.

Regards, Frank

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Reply to:

Follow-Ups:
- Re: xpdf vulnerability?
  - From: Hilmar Preusse <hille42@web.de>
- Re: xpdf vulnerability?
  - From: Micah Anderson <micah@debian.org>

References:
- Bits from the Testing Security team
  - From: Micah Anderson <micah@debian.org>
- xpdf vulnerability? (was: Bits from the Testing Security team)
  - From: Frank Küster <frank@debian.org>

Prev by Date: xpdf vulnerability? (was: Bits from the Testing Security team)
Next by Date: Re: xpdf vulnerability?
Previous by thread: xpdf vulnerability? (was: Bits from the Testing Security team)
Next by thread: Re: xpdf vulnerability?
Index(es):
- Date
- Thread