[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#382506: tetex-bin: DoS in embedded libgd2 copy [CVE-2006-2906]

Martin Pitt <martin.pitt@ubuntu.com> wrote:

> Package: tetex-bin
> Version: 3.0-13
> Severity: normal
> Tags: patch security
> Hi!
> tetex-bin 3.0 contains a copy of libgd2 source code in libs/gd. 
> [...] The best solution would be to build against
> the system libgd2 library instead of using a code copy.

This we already do since 3.0-17, and testing has 3.0-18 already.  I
guess Ubuntu 6.5 (or whenever it was released) has 3.0-13, that's why
you came up with it?

Or do you think we should patch the unused code?

Regards, Frank
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)

Reply to: