[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]



On 27.01.06 Martin Pitt (mpitt@debian.org) wrote:
> Hilmar Preusse [2006-01-27  9:56 +0100]:

Hi,

> > So, what is that now?
> > 
> > - a security leak, which must be fixed
> > - rather an inconvenience, which should be fixed?
> 
> For CUPS it was a real DoS which must be fixed, but for tetex-bin
> it's just an inconvenience; there will be few systems which
> automatically process untrusted LaTeX documents with PDF files sent
> by remote attackers.
> 
So, the last hunk seems not to exist in cupsys_1.1.14-5woody14.
Should we submit a bug against it?
Further I suggest to close the bug now or at least downgrade it to
important and close it as soon as the support for woody has ended.

Regards,
  Hilmar
-- 
sigmentation fault

Attachment: pgphZ9ecRpgtT.pgp
Description: PGP signature


Reply to: