Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin

To: Martin Schulze <joey@infodrom.org>
Cc: 286984@bugs.debian.org
Subject: Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin
From: Hilmar Preusse <hille42@web.de>
Date: Tue, 4 Jan 2005 10:20:48 +0100
Message-id: <[🔎] 20050104092048.GB2521@preusse-16223.user.cis.dfn.de>
Reply-to: Hilmar Preusse <hille42@web.de>, 286984@bugs.debian.org
In-reply-to: <20041231121936.GW29581@finlandia.infodrom.north.de>
References: <20041227222532.GA1986@finlandia.infodrom.north.de> <871xdaixmn.fsf@alhambra.bioz.unibas.ch> <20041229195233.GE21215@finlandia.infodrom.north.de> <873bxof61j.fsf@alhambra.bioz.unibas.ch> <20041230110931.GE29581@finlandia.infodrom.north.de> <20041231095404.GB6175@preusse-16223.user.cis.dfn.de> <20041231121936.GW29581@finlandia.infodrom.north.de>

On 31.12.04 Martin Schulze (joey@infodrom.org) wrote:
> Hilmar Preusse wrote:

Hi,

> > So why is the hunk then included in the patch for xpdf 1.0 (DSA
> > 619-1)? Why is it part of 3.00pl2 at all?
> 
> Because it's the upstream fix and doesn't harm.  Contrary to
> tetex-bin this is only a minor part of the correction for cups and
> xpdf.  The real vulnerability does not exist in tetex-bin, so
> there's no update needed.
> 
Would you be so kind to close that bug then?

Thanks and Regards,
  Hilmar
-- 
sigmentation fault

Reply to:

Prev by Date: Re: upload to experimental
Next by Date: Bug#286984: marked as done (tetex-bin: Vulnerable to CAN-2004-1125)
Previous by thread: Processed: Re: PSTricks: [Bug#145478: tetex-doc: multidoc.doc has extra /end{description}]
Next by thread: Bug#286984: marked as done (tetex-bin: Vulnerable to CAN-2004-1125)
Index(es):
- Date
- Thread