Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]

To: Martin Pitt <martin.pitt@ubuntu.com>
Cc: 382506@bugs.debian.org
Subject: Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]
From: Frank Küster <frank@debian.org>
Date: Mon, 14 Aug 2006 22:43:09 +0200
Message-id: <[🔎] 86psf359r6.fsf@alhambra.kuesterei.ch>
Reply-to: Frank Küster <frank@debian.org>, 382506@bugs.debian.org
In-reply-to: <[🔎] 20060811144925.GI5244@piware.de> (Martin Pitt's message of "Fri, 11 Aug 2006 16:49:25 +0200")
References: <[🔎] 20060811144925.GI5244@piware.de>

Martin Pitt <martin.pitt@ubuntu.com> wrote:

> Package: tetex-bin
> Version: 3.0-13
> Severity: normal
> Tags: patch security
>
> Hi!
>
> tetex-bin 3.0 contains a copy of libgd2 source code in libs/gd. 
> [...] The best solution would be to build against
> the system libgd2 library instead of using a code copy.

This we already do since 3.0-17, and testing has 3.0-18 already.  I
guess Ubuntu 6.5 (or whenever it was released) has 3.0-13, that's why
you came up with it?

Or do you think we should patch the unused code?

Regards, Frank
-- 
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)

Reply to:

References:
- Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]
  - From: Martin Pitt <martin.pitt@ubuntu.com>

Prev by Date: magic headers (was: Upload of new texlive packages)
Next by Date: Bug#382506: marked as done (tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906])
Previous by thread: Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]
Next by thread: Bug#382506: marked as done (tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906])
Index(es):
- Date
- Thread