Re: Possible problems in your Debian packages
Hilmar Preusse <hille42@web.de> wrote:
> On 29.10.09 Frank Küster (frank@debian.org) wrote:
>> DDPOMail robot <atomo64+ddpo@gmail.com> wrote:
>
>> > === texlive-bin:
>> > = There are 4 unfixed security issue(s), please fix them.
>> > See http://security-tracker.debian.net/tracker/source-package/texlive-bin
>>
>> They are all fixed in TL 2009, one bug is present in all versions in the
>> archive (a bibtex issue), the others are only present in oldstable. Can
>> we ignore that?
>>
> The bibtex crash is fixed in bibtex8. My last proposal in #520920
> was:
>
> "I propose to remove the old bibtex binary and document that change
> prominently in the NEWS file."
>
> The original bibtex binary by OP will probably never be fixed.

Are you sure? The CVE links to a discussion in the RedHat BTS, where
Karl Berry is cited, saying that he has fixed "it".

http://tug.org/mailman/htdig/tex-live/2009-August/021998.html

The patch he talks about is in the sources; the only thing I'm unsure
about is whether they were really talking about the same thing. It
looks like it, though.

Regards, Frank
--
Dr. Frank Küster
Debian Developer (TeXLive)
VCD Aschaffenburg-Miltenberg, ADFC Miltenberg
B90/Grüne KV Miltenberg