[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#300182: tetex-bin still vulnerable to CAN-2004-0888 (CAN-2005-0206)

Hi Martin,

Hilmar Preusse <hille42@web.de> wrote:

> On 18.03.05 Joey Hess (joeyh@debian.org) wrote:
>> Hilmar Preusse wrote:
>
> Hi,
>
>> > As recently discovered the patch, which fixed CAN-2004-0888,
>> > seems to be broken on all 64bit platforms (tested only on ia64
>> > though).[1]
>> 
>> Note that CAN-2005-0206 has been assigned for this issue.
>> 
>> BTW, since you were able to track this one down, do you have any
>> info about the other packages (cupsys, xpdf, etc) that also has
>> CAN-2004-0888? Do they also need fixes, and do you have a patch for
>> them?
>> 
> Martin Pitt <martin <at> piware.de> told me, that tetex-bin is not
> vulnerable  as the file debian/patches/patch-CAN-2004-0888 continas
> not the original patch form the xpdf developer, but already a fixed
> version of the patch.

Martin, good to hear that.  Did you also read the other messages in this
thread, namely Hamish's confusion about CAN-2004-0888 vs. CAN-2004-0889?
And, by the way, why didn't you answer to the bug, or the security
list(s)? 

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: