Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125

To: Martin Pitt <mpitt@debian.org>, 286984@bugs.debian.org
Subject: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
From: Hilmar Preusse <hille42@web.de>
Date: Thu, 23 Dec 2004 15:37:00 +0100
Message-id: <[🔎] 20041223143700.GA1900@preusse>
Reply-to: Hilmar Preusse <hille42@web.de>, 286984@bugs.debian.org
In-reply-to: <[🔎] 20041223125400.GA31076@box79162.elkhouse.de>
References: <[🔎] 20041223125400.GA31076@box79162.elkhouse.de>

On 23.12.04 Martin Pitt (mpitt@debian.org) wrote:

Hi,

> Recently CAN-2004-1125 has been discovered in xpdf. Since tetex-bin
> contains verbatim xpdf code (sigh), this package is affected as well.
> 
Time got get a fix for #252104...

> You can get the Ubuntu security update patch from
> 
>   http://patches.ubuntu.com/patches/tetex-bin.CAN-2004-1125.diff
> 
, which is not much more than
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch + the Debian/Ubuntu
specific stuff. The original report e.g. on
http://www.auscert.org.au/render.html?it=4651 .

Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
vulnerable code. I guess there will be another tetex for stable soon.

Regards,
  Hilmar
-- 
sigmentation fault

Reply to:

Follow-Ups:
- Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
  - From: Martin Pitt <mpitt@debian.org>
- Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
  - From: Frank Küster <frank@debian.org>

References:
- Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
  - From: Martin Pitt <mpitt@debian.org>

Prev by Date: Mess with CVS
Next by Date: CVS frank tetex-bin: created branch debian_version_2_0_2_sargesid and reintroduced
Previous by thread: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Next by thread: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
Index(es):
- Date
- Thread