Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

To: Martin Schulze <joey@infodrom.org>
Cc: 342292@bugs.debian.org, Debian Security Team <team@security.debian.org>, Martin Pitt <mpitt@debian.org>, Florian Weimer <fw@deneb.enyo.de>
Subject: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
From: Frank Küster <frank@debian.org>
Date: Tue, 13 Dec 2005 18:17:03 +0100
Message-id: <[🔎] 86oe3kyl0w.fsf@alhambra.kuesterei.ch>
Reply-to: Frank Küster <frank@debian.org>, 342292@bugs.debian.org
In-reply-to: <[🔎] 20051212075239.GI16502@finlandia.infodrom.north.de> (Martin Schulze's message of "Mon, 12 Dec 2005 08:52:39 +0100")
References: <[🔎] 20051206221518.7625.85542.reportbug@localhost.localdomain> <[🔎] 86lkyx8127.fsf@alhambra.kuesterei.ch> <[🔎] 20051209144703.GA21830@finlandia.infodrom.north.de> <[🔎] 86r78mjh4g.fsf@alhambra.kuesterei.ch> <[🔎] 20051209204508.GZ16502@finlandia.infodrom.north.de> <[🔎] 86irtvkedi.fsf@alhambra.kuesterei.ch> <[🔎] 20051212075239.GI16502@finlandia.infodrom.north.de>

Martin Schulze <joey@infodrom.org> wrote:

>> Am I correct that the other issues that Florian found are not addressed
>> by any patch yet, and have not yet been widely published?  Should I
>> delay an upload to sid until this can be fixed, too?
>
> Which issues?  *phear*

Florian said that the new function gmallocn (used in xpdf >= 3.01 and
derivatives, but not in tetex-bin) isn't save, either.

I'm currently preparing an upload of tetex-bin linked against libpoppler.

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Reply to:

References:
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Martin Schulze <joey@infodrom.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Martin Schulze <joey@infodrom.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Frank Küster <frank@debian.org>
- Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Bug#343172: tetex-bin: texconfig-sys calls fmtutil and updmap instead of fmtutil-sys and updmap-sys
Next by Date: Processing of tetex-bin_3.0-12_i386.changes
Previous by thread: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy
Next by thread: Bug#342292: marked as done (tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy)
Index(es):
- Date
- Thread