Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

2005-08-14 Thread Derek B. Noonburg
On 12 Aug, Martin Schröder wrote: On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote: I don't know about 2005-2097, but the worst would be a crash of pdfTeX. Is a patch around? I've found it and checked the code: The vulnerable code (fofi/FoFiTrueType.cc) is only called from the

Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

2005-08-12 Thread Frank Küster
Hello Thomas, hello Debian Security team, Frank Küster [EMAIL PROTECTED] wrote: tetex-bin_3.0 in experimental is vulnerable. This is about CAN-2005-2097, see http://www.securityfocus.com/bid/14529/info. The provided patch (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322467) is said

Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

2005-08-12 Thread Thomas Esser
This is why I'm contacting you, Thomas: Although according to the CHANGES file we should have xpdf-3.00 just as the xpdf package has, but at least one file (which should be patched) is missing in the teTeX sources. The following changes are done to the original sources: -

Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

2005-08-12 Thread Martin Schroeder
On 2005-08-12 13:36:32 +0200, Thomas Esser wrote: Now I'm wondering which changes you have made to the upstream sources, and whether they were on purpose; and whether this makes teTeX non-vulnerable, or requires a different patch to fix the vulnerability. For the reasons given above, I

Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

2005-08-12 Thread Martin Schröder
On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote: I don't know about 2005-2097, but the worst would be a crash of pdfTeX. Is a patch around? I've found it and checked the code: The vulnerable code (fofi/FoFiTrueType.cc) is only called from the interactive code (xpdf/PShOutputDev.cc and

Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability

2005-08-11 Thread Hilmar Preusse
tags 322467 + experimental stop On 10.08.05 Hilmar Preusse ([EMAIL PROTECTED]) wrote: Package: tetex-bin Version: 2.0.2-31 Severity: grave Tags: patch Just a reminder, http://www.securityfocus.com/bid/14529/info Martin Pitt gave me the hint that teTeX from stable is not vulnerable

Processed: Re: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability

2005-08-11 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: tags 322467 + experimental Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability Tags were: security patch Tags added: experimental stop Stopping processing here. Please contact me if you need assistance. Debian

Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability

2005-08-11 Thread Frank Küster
found 322467 3.0-5 thanks Hilmar Preusse [EMAIL PROTECTED] wrote: Package: tetex-bin Version: 2.0.2-31 Severity: grave Tags: patch Justification: can result in disk consumption and ultimately lead to a denial of service condition. Just a reminder,

Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability

2005-08-10 Thread Hilmar Preusse
Package: tetex-bin Version: 2.0.2-31 Severity: grave Tags: patch Justification: can result in disk consumption and ultimately lead to a denial of service condition. Just a reminder, http://www.securityfocus.com/bid/14529/info Ubuntu^1 already fixed the xpdf packages. I guess we're affected