
Bug#286984: marked as done (tetex-bin: Vulnerable to CAN-2004-1125)



Your message dated Tue, 4 Jan 2005 10:20:48 +0100
with message-id <20050104092048.GB2521@preusse-16223.user.cis.dfn.de>
and subject line Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Dec 2004 12:54:32 +0000
>From martin@piware.de Thu Dec 23 04:54:31 2004
Return-path: <martin@piware.de>
Received: from box79162.elkhouse.de [213.9.79.162] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1ChSUB-00046R-00; Thu, 23 Dec 2004 04:54:31 -0800
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
	id 1ChSTg-00085Z-Oh; Thu, 23 Dec 2004 13:54:00 +0100
Date: Thu, 23 Dec 2004 13:54:00 +0100
From: Martin Pitt <mpitt@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: team@security.debian.org
Subject: tetex-bin: Vulnerable to CAN-2004-1125
Message-ID: <20041223125400.GA31076@box79162.elkhouse.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk"
Content-Disposition: inline
X-Reportbug-Version: 3.2
X-Debbugs-Cc: team@security.debian.org
User-Agent: Mutt/1.5.6+20040907i
Sender: Martin Pitt <martin@piware.de>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--UugvWAfsgieZRqgk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: tetex-bin
Version: 2.0.2-23
Severity: grave
Tags: security patch
Justification: user security hole

Hi teTeX maintainers!

Recently CAN-2004-1125 has been discovered in xpdf. Since tetex-bin
contains verbatim xpdf code (sigh), this package is affected as well.

You can get the Ubuntu security update patch from

  http://patches.ubuntu.com/patches/tetex-bin.CAN-2004-1125.diff

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages tetex-bin depends on:
ii  debconf                   1.4.30.10      Debian configuration management sy
ii  debianutils               2.8.4          Miscellaneous utilities specific t
ii  dpkg                      1.10.25        Package maintenance system for Deb
ii  ed                        0.2-20         The classic unix line editor
ii  libc6                     2.3.2.ds1-18   GNU C Library: Shared libraries an
ii  libgcc1                   1:3.4.2-2      GCC support library
ii  libice6                   4.3.0.dfsg.1-8 Inter-Client Exchange library
ii  libkpathsea3              2.0.2-23       path search library for teTeX (run
ii  libpaper1                 1.1.14-3       Library for handling paper charact
ii  libpng12-0                1.2.8rel-1     PNG library - runtime
ii  libsm6                    4.3.0.dfsg.1-8 X Window System Session Management
ii  libstdc++5                1:3.3.4-13     The GNU Standard C++ Library v3
ii  libt1-5                   5.0.2-3        Type 1 font rasterizer library - r
ii  libwww0                   5.4.0-9        The W3C WWW library
ii  libx11-6                  4.3.0.dfsg.1-8 X Window System protocol client li
ii  libxaw7                   4.3.0.dfsg.1-8 X Athena widget set library
ii  libxext6                  4.3.0.dfsg.1-8 X Window System miscellaneous exte
ii  libxmu6                   4.3.0.dfsg.1-8 X Window System miscellaneous util
ii  libxt6                    4.3.0.dfsg.1-8 X Toolkit Intrinsics
ii  mime-support              3.28-1         MIME files 'mime.types' & 'mailcap
ii  perl                      5.8.4-3        Larry Wall's Practical Extraction
ii  sed                       4.1.2-8        The GNU sed stream editor
ii  tetex-base                2.0.2c-3       Basic library files of teTeX
ii  ucf                       1.13           Update Configuration File: preserv
ii  zlib1g                    1:1.2.2-3      compression library - runtime

-- debconf information excluded

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

--UugvWAfsgieZRqgk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--UugvWAfsgieZRqgk--

---------------------------------------
Received: (at 286984-done) by bugs.debian.org; 4 Jan 2005 10:27:23 +0000
>From hille42@web.de Tue Jan 04 02:27:23 2005
Return-path: <hille42@web.de>
Received: from luonnotar.infodrom.org [195.124.48.78] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1ClluL-0002um-00; Tue, 04 Jan 2005 02:27:21 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
	id 76D1E366B70; Tue,  4 Jan 2005 11:27:23 +0100 (CET)
Received: by finlandia.infodrom.north.de (Postfix, from userid 501)
	id 6075710005; Tue,  4 Jan 2005 11:26:55 +0100 (CET)
Resent-From: joey@finlandia.infodrom.north.de
Resent-Date: Tue, 4 Jan 2005 11:26:55 +0100
Resent-Message-ID: <20050104102655.GX29581@finlandia.infodrom.north.de>
Resent-To: 286984-done@bugs.debian.org
Received: by finlandia.infodrom.north.de (Postfix, from userid 10)
	id 235DD1001B; Tue,  4 Jan 2005 11:07:14 +0100 (CET)
Received: from luonnotar (localhost [127.0.0.1])
	by finlandia.infodrom.north.de (Postfix) with SMTP id EE8CDDDD3F
	for <joey@finlandia.infodrom.org>; Tue,  4 Jan 2005 11:07:14 +0100 (CET)
Mailbox-Line: From joey@luonnotar.infodrom.org  Tue Jan  4 10:59:09 2005
Received: by luonnotar.infodrom.org (Postfix, from userid 1001)
	id 01D82366B70; Tue,  4 Jan 2005 10:59:09 +0100 (CET)
X-Original-To: joey@infodrom.org
Received: from smtp06.web.de (smtp06.web.de [217.72.192.224])
	by luonnotar.infodrom.org (Postfix) with ESMTP id 86DBC366B74
	for <joey@infodrom.org>; Tue,  4 Jan 2005 10:58:29 +0100 (CET)
Received: from [80.184.45.36] (helo=preusse-16223.user.cis.dfn.de)
	by smtp06.web.de with asmtp (WEB.DE 4.103 #184)
	id 1CllRp-0005sX-00; Tue, 04 Jan 2005 10:57:54 +0100
Received: by preusse-16223.user.cis.dfn.de (Postfix, from userid 1000)
	id 94B17AEC6; Tue,  4 Jan 2005 10:20:48 +0100 (CET)
Date: Tue, 4 Jan 2005 10:20:48 +0100
From: Hilmar Preusse <hille42@web.de>
To: Martin Schulze <joey@infodrom.org>
Cc: 286984@bugs.debian.org
Subject: Re: Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin
Message-ID: <20050104092048.GB2521@preusse-16223.user.cis.dfn.de>
References: <20041227222532.GA1986@finlandia.infodrom.north.de> <871xdaixmn.fsf@alhambra.bioz.unibas.ch> <20041229195233.GE21215@finlandia.infodrom.north.de> <873bxof61j.fsf@alhambra.bioz.unibas.ch> <20041230110931.GE29581@finlandia.infodrom.north.de> <20041231095404.GB6175@preusse-16223.user.cis.dfn.de> <20041231121936.GW29581@finlandia.infodrom.north.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041231121936.GW29581@finlandia.infodrom.north.de>
User-Agent: Mutt/1.3.28i
Organization: Hilmar Preusse Inc.
X-Uptime: 09:33:19 up 26 min,  3 users,  load average: 0.22, 0.56, 0.54
X-Operating-System: Linux 2.4.28 i686
X-Face: .n=jHnz:2pu0c0)ef]4O#1FE{Vak?h89!g7_#2+PzSRoIU[pJFNnz>gLhn}UMwv}4/j{X.. 2E+>U>P!`PYk
X-Confirmation-Request: yes
X-Confirm-Reading-To: "Hilmar Preusse" <hille42@web.de>
Sender: hille42@web.de
X-Sender: hille42@web.de
X-Spam-Checker-Host: luonnotar
Delivered-To: 286984-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
	HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 2

On 31.12.04 Martin Schulze (joey@infodrom.org) wrote:
> Hilmar Preusse wrote:

Hi,

> > So why is the hunk then included in the patch for xpdf 1.0 (DSA
> > 619-1)? Why is it part of 3.00pl2 at all?
> 
> Because it's the upstream fix and doesn't harm.  Contrary to
> tetex-bin this is only a minor part of the correction for cups and
> xpdf.  The real vulnerability does not exist in tetex-bin, so
> there's no update needed.
> 
Would you be so kind to close that bug then?

Thanks and Regards,
  Hilmar
-- 
sigmentation fault


