Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

To: Thomas Esser <te@dbs.uni-hannover.de>
Cc: Frank Küster <frank@debian.org>, Hilmar Preusse <hille42@web.de>, Joey Hess <joeyh@debian.org>, 322467@bugs.debian.org, Debian Security Team <team@security.debian.org>, "Derek B. Noonburg" <derekn@foolabs.com>
Subject: Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
From: Martin Schroeder <ms@pdftex.org>
Date: Fri, 12 Aug 2005 16:08:07 +0200
Message-id: <[🔎] 20050812140807.GA15151@lucien.oneiros.kn-bremen.de>
Reply-to: Martin Schroeder <ms@pdftex.org>, 322467@bugs.debian.org
In-reply-to: <[🔎] 20050812113632.GA12044@dbs.uni-hannover.de>
References: <[🔎] 20050810201817.GA2452@preusse> <[🔎] 87br44on2t.fsf@alhambra.kuesterei.ch> <[🔎] 87d5oj7d8l.fsf_-_@alhambra.kuesterei.ch> <[🔎] 20050812113632.GA12044@dbs.uni-hannover.de>

On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
> > Now I'm wondering which changes you have made to the upstream sources,
> > and whether they were on purpose; and whether this makes teTeX
> > non-vulnerable, or requires a different patch to fix the vulnerability.
> 
> For the reasons given above, I think that teTeX is only affected by a
> subset of all xpdf vulnerabilities.

We already have xpdf 3.00pl3, so everything till then should be
fixed. We checked sometime before CAN2005-2097 for effects of the
known vulnerabilities on pdfTeX and found none.

I don't know about 2005-2097, but the worst would be a crash of
pdfTeX. Is a patch around?

Best
    Martin

PS: Derek, the pdfTeX team would highly appreciate it if you
    would inform the "customers" of xpdf like pdfTeX of known
    security problems.
-- 
                    http://www.tm.oneiros.de

Reply to:

Follow-Ups:
- Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
  - From: Martin Schröder <martin@oneiros.de>
- Bug#322467: Please Help
  - From: Frank Küster <frank@debian.org>

References:
- Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability
  - From: Hilmar Preusse <hille42@web.de>
- Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability
  - From: Frank Küster <frank@debian.org>
- Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
  - From: Frank Küster <frank@debian.org>
- Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
  - From: Thomas Esser <te@dbs.uni-hannover.de>

Prev by Date: Bug#51869: attempt was made
Next by Date: Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
Previous by thread: Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
Next by thread: Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
Index(es):
- Date
- Thread