[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xpdf vulnerability?

On 16.03.05 Frank Küster (frank@debian.org) wrote:
> Frank Küster <frank@debian.org> wrote:
> > Micah Anderson <micah@debian.org> wrote:

Hi all,

> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in tetex-bin) and
> > pdftohtml, and perhaps others that include xpdf code.
> 
> Can anybody point me to a place where I can find the patch for the
> 64-bit-specific issue?
> 
I was looking for a while, but couldn't find anything.

> I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if
> that's the right one, tetex-bin in sarge/unstable is vulnerable. 
> In woody the code looks very different.
> 
Well, the xpdf-3.00pl3.patch was IIRC included in the latest
tetex-bin upload (CAN-2005-0064).

H.
-- 
If the girl you love moves in with another guy once, it's more than enough.
Twice, it's much too much.  Three times, it's the story of your life.
Reply to: