Security vulnerability in xpdf code in tetex-bin?

To: Adrian Bunk <bunk@fs.tum.de>
Cc: tetex-bin@packages.debian.org
Subject: Security vulnerability in xpdf code in tetex-bin?
From: Matt Zimmerman <mdz@debian.org>
Date: Fri, 10 Jan 2003 16:29:41 -0500
Message-id: <[🔎] 20030110212940.GT16472@mizar.alcor.net>
In-reply-to: <20030110205148.GA10486@fs.tum.de>
References: <20030110194251.GO6626@fs.tum.de> <20030110203426.GP16472@mizar.alcor.net> <20030110205148.GA10486@fs.tum.de>

On Fri, Jan 10, 2003 at 09:51:48PM +0100, Adrian Bunk wrote:

> On Fri, Jan 10, 2003 at 03:34:26PM -0500, Matt Zimmerman wrote:
> > If you know of any other copies of this code in Debian, let me know.
> 
> tetex-bin ships a copy (I don't know whether the usage in teTeX is
> affected by this vulnerability).

Argh.  It definitely does contain the vulnerable code.  teTeX maintainers:
can you explain how this code is used?  If it is used for reading PDFs, then
this is a security problem and needs to be fixed in the stable releases, and
I need to know ASAP.

In any case, this code should be updated from a fixed version of xpdf.

-- 
 - mdz

Reply to:

Prev by Date: Bug#175360: tetex-bin: contains ctangle.1 and cweave.1 from cweb
Next by Date: Bug#176182: tetex-bin: Please build pdftosrc
Previous by thread: Processed: your mail
Next by thread: Bug#176182: tetex-bin: Please build pdftosrc
Index(es):
- Date
- Thread