Bug#278298: tetex-bin might be affected by CAN-2004-0889
Adrian Bunk <bunk@stusta.de> wrote:
>> > pdftohtml might be affected by CAN-2004-0889
>> > (integer overflow issues in xpdf).
>> >
>> > The code is there, but I haven't checked how it's actually used.
[...]
> it's the right package, but the wrong text (I copied and edited the text
> from #278297, but it seems I forgot to change the package name).
Yes, the code is in our tetex-bin tarball, and I think that it is
used. At least files from the libs/xpdf directory are mentioned e.g. in
texk/web2c/pdftexdir/depends.mak (and depends.mk).
4 c/cc files in texk/web2c/pdftexdir include gmem.h from
libs/xpdf/goo. There might be more. It affects both woody and
sarge/sid.
Adrian, thank you for pointing us to the problem. Is there any
documentation about the fixes that have been done in other packages? I
am sure that *I* do not have the necessary knowledge of C and C++ to
(back)port this to our packages.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: