On Sun, Jan 15, 2012 at 12:21 PM, Adam D. Barratt wrote: > On Sat, 2011-09-17 at 14:50 -0400, Michael Gilbert wrote: >> I've decided that it's too risky to disable t1lib in lenny as the >> version of freetype there has some known issues. >> >> Attached is a new debdiff for this proposed-update. > > +xpdf (3.02-1.4+lenny4) oldstable-proposed-updates; urgency=low > + > + * Fix cve-2011-2902: insecure tempfile usage in zxpdf. > + * Add NEWS.Debian with information about a set of unfixed t1lib issues > + (cve-2011-0764, cve-2011-1552, cve-2011-1553, and cve-2011-1554). > > DSA 2388 appears to have resolved all of those issues, so I guess we > could look at an update containing just the insecure tempfile change?
Yes, that's correct. I'll ready a new package. Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CANTw=MPOxHq5MHpRMrdWtsOTtborMh6BJz0r=6l5tkmn8nm...@mail.gmail.com
