
Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy



Hi!

Frank Küster [2005-12-11 13:27 +0100]:
> >> Did you see Martin Pitt's "enhanced" patch - do both address the same
> >> problems?
> >
> > The appendix removes the duplicate Martin found, so yes.
> 
> I looked at both, and it seems that Martin's does more.  I'm speaking of
> the patch attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136
> 
> It introduces limits.h and does the same we did for the xpdf patches at
> the beginning of the year, namely change code that can be optimized away
> by compilers.  

... or cause an undefined integer overflow.

> It seems to me that Martin Pitt's patch also has everything that yours
> (Joey's) has

As far as I can see, yes.

> Am I correct that the other issues that Florian found are not addressed
> by any patch yet, and have not yet been widely published?  Should I
> delay an upload to sid until this can be fixed, too?

Hm, I'm not aware of any additional issues. Florian raised and
explained why 'p = f1*f2; if (p/f1 != f2)' is flawed, so I updated the
patch to not use it any more. Are there any additional issues I
missed?

Thanks,

Martin

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org
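
Added example, not part of the original message or of any patch attached to the bug: one way to write the limits.h-based check the thread describes, testing against INT_MAX before multiplying instead of using 'p = f1*f2; if (p/f1 != f2)'. The names checked_mul_int and alloc_array are hypothetical and do not come from xpdf or tetex-bin.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: returns 1 and stores a*b in *out when the product of
 * two non-negative ints fits in an int, 0 otherwise. The bound is checked by
 * dividing INT_MAX first, so the multiplication itself can never overflow. */
int checked_mul_int(int a, int b, int *out)
{
    if (a < 0 || b < 0)
        return 0;                 /* sizes and counts must not be negative */
    if (a != 0 && b > INT_MAX / a)
        return 0;                 /* a * b would exceed INT_MAX */
    *out = a * b;
    return 1;
}

/* Hypothetical allocation wrapper: nmemb elements of elem_size bytes each.
 * Returns NULL instead of allocating a buffer that is too small. */
void *alloc_array(int nmemb, int elem_size)
{
    int bytes;
    if (!checked_mul_int(nmemb, elem_size, &bytes) || bytes == 0)
        return NULL;
    return malloc((size_t)bytes);
}

/* For contrast, the rejected pattern:
 *     p = f1 * f2; if (p / f1 != f2) { error }
 * Signed overflow in f1 * f2 is undefined behaviour in C, so the compiler may
 * assume it cannot happen and drop the test; it also divides by zero when
 * f1 == 0. */

int main(void)
{
    int r;
    /* Constructed sample dimensions. */
    printf("46340 x 46340 fits: %d\n", checked_mul_int(46340, 46340, &r));
    printf("65536 x 65536 fits: %d\n", checked_mul_int(65536, 65536, &r));
    return 0;
}
```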


