Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

To: Frank Küster <frank@debian.org>
Cc: 342292@bugs.debian.org, Debian Security Team <team@security.debian.org>, Martin Pitt <mpitt@debian.org>, Florian Weimer <fw@deneb.enyo.de>
Subject: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
From: Martin Schulze <joey@infodrom.org>
Date: Mon, 12 Dec 2005 08:52:39 +0100
Message-id: <[🔎] 20051212075239.GI16502@finlandia.infodrom.north.de>
Reply-to: Martin Schulze <joey@infodrom.org>, 342292@bugs.debian.org
In-reply-to: <[🔎] 86irtvkedi.fsf@alhambra.kuesterei.ch>
References: <[🔎] 20051206221518.7625.85542.reportbug@localhost.localdomain> <[🔎] 86lkyx8127.fsf@alhambra.kuesterei.ch> <[🔎] 20051209144703.GA21830@finlandia.infodrom.north.de> <[🔎] 86r78mjh4g.fsf@alhambra.kuesterei.ch> <[🔎] 20051209204508.GZ16502@finlandia.infodrom.north.de> <[🔎] 86irtvkedi.fsf@alhambra.kuesterei.ch>

Hi Frank!

Frank Küster wrote:
> I looked at both, and it seems that Martin's does more.  I'm speaking of
> the patch attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136
> 
> It introduces limits.h and does the same we did for the xpdf patches at
> the beginning of the year, namely change code that can be optimized away
> by compilers.  

*sigh* You are correct.  I'll add the missing bits as well.

> It seems to me that Martin Pitt's patch also has everything that yours
> (Joey's) has, but I'm not completely sure; anyway it seems that also the
> stable packages should use the code with limits.h.

Aye.

> Am I correct that the other issues that Florian found are not addressed
> by any patch yet, and have not yet been widely published?  Should I
> delay an upload to sid until this can be fixed, too?

Which issues?  *phear*

Regards,

	Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law

Please always Cc to me when replying to me on the lists.

Reply to:

Follow-Ups:
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>

References:
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Martin Schulze <joey@infodrom.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Martin Schulze <joey@infodrom.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>

Prev by Date: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
Next by Date: Re: configuration files in TeX add-on packages
Previous by thread: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
Next by thread: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
Index(es):
- Date
- Thread