Bug#346086: marked as done (tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627])

To: Hilmar Preusse <hille42@web.de>
Subject: Bug#346086: marked as done (tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627])
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 22 Sep 2006 01:33:31 -0700
Message-id: <[🔎] handler.346086.D346086.115891388526299.ackdone@bugs.debian.org>
References: <20060922083046.GA3436@PC23> <20060105141426.GF5210@piware.de>

Your message dated Fri, 22 Sep 2006 10:30:46 +0200
with message-id <20060922083046.GA3436@PC23>
and subject line Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian BTS Submit <submit@bugs.debian.org>

Cc: security@debian.org

Subject: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

From: Martin Pitt <martin.pitt@ubuntu.com>

Date: Thu, 5 Jan 2006 15:14:26 +0100

Message-id: <20060105141426.GF5210@piware.de>
Package: tetex-bin
Version: 2.0.2-30
Severity: critical
Tags: security patch

Hi!

Chris Evans found some more integer overflows in the xpdf code [1] which affect
tetex-bin as well. [1] also has demo exploit PDFs for patch checking.

See [2] for the Ubuntu debdiff. 

This only affects sarge (and woody); luckily sid is finally cured
forever due to poppler, so please mark this bug as fixed in sid.

Thanks,

Martin

[1] http://scary.beasts.org/security/b0dfca810501f2da/CESA-2005-003.txt
[2] http://patches.ubuntu.com/patches/tetex-bin.CVE-2005-3624_5_7.diff

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

To: Martin Pitt <martin.pitt@ubuntu.com>, 346086-done@bugs.debian.org

Subject: Re: Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

From: Hilmar Preusse <hille42@web.de>

Date: Fri, 22 Sep 2006 10:30:46 +0200

Message-id: <20060922083046.GA3436@PC23>

In-reply-to: <20060105141426.GF5210@piware.de>

References: <20060105141426.GF5210@piware.de>
On 05.01.06 Martin Pitt (martin.pitt@ubuntu.com) wrote:

Hi,

> Chris Evans found some more integer overflows in the xpdf code [1]
> which affect tetex-bin as well. [1] also has demo exploit PDFs for
> patch checking.
> 
The bug actually only affects woody. The sec support for woody has
experied recently^1 -> Closing.

H.

^1 http://www.debian.org/News/2006/20060601
-- 
sigmentation fault
--- End Message ---

Reply to:

Prev by Date: Bug#388653: texlive-pictures: new version of dcpic available
Next by Date: Closing pkg-texlive project
Previous by thread: Bug#388653: texlive-pictures: new version of dcpic available
Next by thread: Closing pkg-texlive project
Index(es):
- Date
- Thread