Your message dated Wed, 6 Apr 2005 16:32:33 +0200
with message-id <[EMAIL PROTECTED]>
and subject line I missed the missing encryption support
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Apr 2005 20:06:22 +0000
>From [EMAIL PROTECTED] Tue Apr 05 13:06:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DIuJZ-0004SR-00; Tue, 05 Apr 2005 13:06:22 -0700
Received: from p54897291.dip.t-dialin.net ([84.137.114.145]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DIuJV-0004XD-10
for [EMAIL PROTECTED]; Tue, 05 Apr 2005 22:06:18 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DIuJK-0001u1-2V; Tue, 05 Apr 2005 22:06:06 +0200
Content-Type: multipart/mixed; boundary="===============0832715301=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: tetex-bin: CAN-2005-0064 fix was incomplete
X-Mailer: reportbug 3.9
Date: Tue, 05 Apr 2005 22:06:04 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.114.145
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This is a multi-part MIME message sent by reportbug.
--===============0832715301==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: tetex-bin
Version: 2.0.2-27
Severity: grave
Tags: security patch
Justification: user security hole
Dear TeX maintainers,
the patch you used to fix CAN-2005-0064 in -26 seems to have been derived from
xpdf 3.00-12, which unfortunately was missing a portion of the security fix
(the one that is referenced as xpdf 3.00pl3 at the xpdf website, this has been
fixed in xpdf 3.00-13). Attached patch provides the necessary fix for the
tetex-bin package.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages tetex-bin depends on:
ii debconf 1.4.47 Debian configuration management sy
ii debianutils 2.13.2 Miscellaneous utilities specific t
ii dpkg 1.10.27 Package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:4.0-0pre2 GCC support library
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libkpathsea3 2.0.2-27 path search library for teTeX (run
ii libpaper1 1.1.14-3 Library for handling paper charact
ii libpng12-0 1.2.8rel-1 PNG library - runtime
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3
ii libt1-5 5.0.2-3 Type 1 font rasterizer library - r
ii libwww0 5.4.0-9 The W3C WWW library
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxaw7 4.3.0.dfsg.1-12.0.1 X Athena widget set library
ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii libxmu6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii libxt6 4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii mime-support 3.31-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.4-8 Larry Wall's Practical Extraction
ii sed 4.1.4-2 The GNU sed stream editor
ii tetex-base 2.0.2c-7 Basic library files of teTeX
ii ucf 1.17 Update Configuration File: preserv
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information excluded
--===============0832715301==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="tetex-bin-CAN-2005-0064-missing-check.diff"
diff -Naur tetex-bin-2.0.2.orig/libs/xpdf/xpdf/XRef.cc
tetex-bin-2.0.2/libs/xpdf/xpdf/XRef.cc
--- tetex-bin-2.0.2.orig/libs/xpdf/xpdf/XRef.cc 2002-11-03 23:15:37.000000000
+0100
+++ tetex-bin-2.0.2/libs/xpdf/xpdf/XRef.cc 2005-04-05 21:46:31.000000000
+0200
@@ -481,6 +481,9 @@
} else {
keyLength = 5;
}
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion >= 1 && encVersion <= 2 &&
encRevision >= 2 && encRevision <= 3) {
--===============0832715301==--
---------------------------------------
Received: (at 303288-done) by bugs.debian.org; 6 Apr 2005 14:32:39 +0000
>From [EMAIL PROTECTED] Wed Apr 06 07:32:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DJBaB-0007hK-00; Wed, 06 Apr 2005 07:32:39 -0700
Received: from p54897291.dip.t-dialin.net ([84.137.114.145]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DJBa9-0000Cx-6q
for [EMAIL PROTECTED]; Wed, 06 Apr 2005 16:32:37 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DJBa6-0001dc-3P
for [EMAIL PROTECTED]; Wed, 06 Apr 2005 16:32:34 +0200
Date: Wed, 6 Apr 2005 16:32:33 +0200
To: [EMAIL PROTECTED]
Subject: I missed the missing encryption support
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.8i
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.114.145
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Hi,
I missed that. I'm closing the bug.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
