Package: tetex-bin Version: 2.0.2-31 Severity: grave Tags: patch Justification: can result in disk consumption and ultimately lead to a denial of service condition. Just a reminder, http://www.securityfocus.com/bid/14529/info Ubuntu^1 already fixed the xpdf packages. I guess we're affected too, as pdftex processes pdf files using the code from xpdf. I did not file a bug against xpdf yet. I'm attaching a patch taken from ftp://ftp.kde.org/pub/kde/security_patches/ and the sig. According to Martin Pitt the original patch was posted to vendor-sec but I'm not subscribed to it. Regards, Hilmar ^1 http://www.ubuntulinux.org/support/documentation/usn/usn-163-1 -- sigmentation fault
Attachment:
patch.tar.bz2
Description: Binary data