On 12 Aug, Martin Schröder wrote:
On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
I don't know about 2005-2097, but the worst would be a crash of
pdfTeX. Is a patch around?
I've found it and checked the code: The vulnerable code
(fofi/FoFiTrueType.cc) is only called from the
Hello Thomas, hello Debian Security team,
Frank Küster [EMAIL PROTECTED] wrote:
tetex-bin_3.0 in experimental is vulnerable.
This is about CAN-2005-2097, see
http://www.securityfocus.com/bid/14529/info. The provided patch (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322467) is said
This is why I'm contacting you, Thomas: Although according to the
CHANGES file we should have xpdf-3.00 just as the xpdf package has, but
at least one file (which should be patched) is missing in the teTeX
sources.
The following changes are done to the original sources:
-
On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
Now I'm wondering which changes you have made to the upstream sources,
and whether they were on purpose; and whether this makes teTeX
non-vulnerable, or requires a different patch to fix the vulnerability.
For the reasons given above, I
On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
I don't know about 2005-2097, but the worst would be a crash of
pdfTeX. Is a patch around?
I've found it and checked the code: The vulnerable code
(fofi/FoFiTrueType.cc) is only called from the interactive code
(xpdf/PShOutputDev.cc and
tags 322467 + experimental
stop
On 10.08.05 Hilmar Preusse ([EMAIL PROTECTED]) wrote:
Package: tetex-bin
Version: 2.0.2-31
Severity: grave
Tags: patch
Just a reminder,
http://www.securityfocus.com/bid/14529/info
Martin Pitt gave me the hint, that teTeX from stable is not
vulnerable
Processing commands for [EMAIL PROTECTED]:
tags 322467 + experimental
Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service
Vulnerability
Tags were: security patch
Tags added: experimental
stop
Stopping processing here.
Please contact me if you need assistance.
Debian
found 322467 3.0-5
thanks
Hilmar Preusse [EMAIL PROTECTED] wrote:
Package: tetex-bin
Version: 2.0.2-31
Severity: grave
Tags: patch
Justification: can result in disk consumption and ultimately lead to a denial
of service condition.
Just a reminder,
Package: tetex-bin
Version: 2.0.2-31
Severity: grave
Tags: patch
Justification: can result in disk consumption and ultimately lead to a denial
of service condition.
Just a reminder,
http://www.securityfocus.com/bid/14529/info
Ubuntu^1 already fixed the xpdf packages. I guess we're affected