Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
> This is why I'm contacting you, Thomas: Although according to the
> CHANGES file we should have xpdf-3.00 just as the xpdf package has, but
> at least one file (which should be patched) is missing in the teTeX
> sources.
The following changes are done to the original sources:
- xpdf/GlobalParams.cc: add GlobalParams::GlobalParams() which is
  basically a stripped down GlobalParams::GlobalParams(char *cfgFileName)
- remove all files which are not needed for pdftex, e.g. those for
  the stand-alone xpdf viewer
- portability / security fixes
Those from the last group are always forwarded upstream, of course.
> Now I'm wondering which changes you have made to the upstream sources,
> and whether they were on purpose; and whether this makes teTeX
> non-vulnerable, or requires a different patch to fix the vulnerability.
For the reasons given above, I think that teTeX is only affected by a
subset of all xpdf vulnerabilities.
Thomas