Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]
Martin Pitt <martin.pitt@ubuntu.com> wrote:
> Package: tetex-bin
> Version: 3.0-13
> Severity: normal
> Tags: patch security
>
> Hi!
>
> tetex-bin 3.0 contains a copy of libgd2 source code in libs/gd.
> [...] The best solution would be to build against
> the system libgd2 library instead of using a code copy.
This we already do since 3.0-17, and testing has 3.0-18 already. I
guess Ubuntu 6.5 (or whenever it was released) has 3.0-13, that's why
you came up with it?
Or do you think we should patch the unused code?
Regards, Frank
--
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)
Reply to: