
Bug#278298: tetex-bin might be affected by CAN-2004-0889



Frank Küster wrote:
> Adrian Bunk <bunk@stusta.de> wrote:
> 
> > Package: tetex-bin
> > Version: 2.0.2-22
> > Severity: grave
> > Tags: security
> >
> >
> > pdftohtml might be affected by CAN-2004-0889
> 
> This should read tetex-bin instead of pdftohtml, which has a different
> bug.

Darn.

On which version of xpdf is pdftohtml based?  2.x or 3.x?


> > (integer overflow issues in xpdf).
> >
> > The code is there, but I haven't checked how it's actually used.
> 
> The xpdf code is used by pdftex. I have not verified that the actual
> pieces of code are used, but I think so.

Could you check?

> I have prepared patches against 1.0.7+20011202-7.1 (woody) and 2.0.2-22
> (sarge/sid). I took the changes to Catalog.cxx and XReF.cxx from
> cupsys_1.1.14-5woody10.diff.gz[1] and prepared patched files by hand
> because the filenames have changed. 

That would refer to xpdf 2.x fixes.  I'll send you the full patch in
private.  That would also actually be CAN-2004-0888 (xpdf 2.x); the
CAN from above is for xpdf 3.x.  Xpdf was rewritten in large chunks a
couple of times.

> For 2.0.2 the cupsys patch would have applied cleanly without fuzziness
> (didn't check for line offsets). For 1.0.7, only three of the four hunks
> in XReF.cxx had their counterpart in XReF.cc (with only small
> differences).

*sigh*  Too much, we need an update for woody.

> [1] why hasn't there been a security fix for xpdf in woody? It seems to
> have exactly the same problems.

Really?  The vulnerabilities were found in xpdf 2.x and 3.x, but not
in 1.x.  It would be good if somebody would audit xpdf 1.x, though,
since there are probably similar problems.

Regards,

	Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Please always Cc to me when replying to me on the lists.


