
Re: Possible problems in your Debian packages



Hilmar Preusse <hille42@web.de> wrote:

> On 29.10.09 Frank Küster (frank@debian.org) wrote:
>> DDPOMail robot <atomo64+ddpo@gmail.com> wrote:
>
>> > === texlive-bin:
>> > = There are 4 unfixed security issue(s), please fix them.
>> >  See http://security-tracker.debian.net/tracker/source-package/texlive-bin
>> 
>> They are all fixed in TL 2009, one bug is present in all versions in the
>> archive (a bibtex issue), the others are only present in oldstable.  Can
>> we ignore that?
>> 
> The bibtex crash is fixed in bibtex8. My last proposal in #520920
> was:
>
> "I propose to remove the old bibtex binary and document that change
> prominently in the NEWS file."
>
> The original bibtex binary by OP will probably never be fixed.

Are you sure?  The CVE links to a discussion in the RedHat BTS, where
Karl Berry is cited, saying that he has fixed "it".

http://tug.org/mailman/htdig/tex-live/2009-August/021998.html

The patch he talks about is in the sources; the only thing I'm unsure
about is whether they were really talking about the same thing.  It
looks like it, though.

Regards, Frank
-- 
Dr. Frank Küster
Debian Developer (TeXLive)
VCD Aschaffenburg-Miltenberg, ADFC Miltenberg
B90/Grüne KV Miltenberg

