On 2005-08-12 13:36:32 +0200, Thomas Esser wrote: > > Now I'm wondering which changes you have made to the upstream sources, > > and whether they were on purpose; and whether this makes teTeX > > non-vulnerable, or requires a different patch to fix the vulnerability. > > For the reasons given above, I think that teTeX is only affected by a > subset of all xpdf vulnerabilities.
We already have xpdf 3.00pl3, so everything till then should be fixed. We checked sometime before CAN2005-2097 for effects of the known vulnerabilities on pdfTeX and found none. I don't know about 2005-2097, but the worst would be a crash of pdfTeX. Is a patch around? Best Martin PS: Derek, the pdfTeX team would highly appreciate it if you would inform the "customers" of xpdf like pdfTeX of known security problems. -- http://www.tm.oneiros.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]