
Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin



Hilmar Preusse wrote:
> > > >> > I'm attaching the patch we're using for fixing woody.
> > > >> 
> > > >> The patch was empty. 
> > > >
> > > > Uh?  How did that happen?
> > > 
> > > Don't know. I would still be interested.
> > 
> > It's basically the same as in this bug report, but it's bogus
> > as you correctly pointed out, since the program flow will end
> > in the case statement that is able to detect wrong values of
> > nComps.
> > 
> So why is the hunk then included in the patch for xpdf 1.0 (DSA
> 619-1)? Why is it part of 3.00pl2 at all?

Because it's the upstream fix and doesn't harm.  Contrary to tetex-bin
this is only a minor part of the correction for cups and xpdf.  The
real vulnerability does not exist in tetex-bin, so there's no update
needed.

Regards,

	Joey

-- 
A mathematician is a machine for converting coffee into theorems.   Paul Erdös

Please always Cc to me when replying to me on the lists.


