On Wed, 16 Mar 2005, Frank Küster wrote:

> Frank Küster <[EMAIL PROTECTED]> wrote:
>
> > Micah Anderson <[EMAIL PROTECTED]> wrote:
> >
> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> > and perhaps others that include xpdf code.
>
> Can anybody point me to a place where I can find the patch for the
> 64-bit-specific issue? The CVE only lists the RedHat and Mandrake
> security announcements, but I don't know how to get those source-rpm's.
> I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the
> right one, tetex-bin in sarge/unstable is vulnerable. In woody the code
> looks very different.
Unfortunately, it takes some deep digging sometimes. I've had to email the
security announce mailing address to find specific patches before.
Surprisingly, they responded...

I searched Redhat's Bugzilla, and found this:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393

Apparently this patch:

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=110599

plus the following missing hunk:

@@ -186,6 +192,11 @@ } if (start >= pagesSize) { pagesSize += 32; + if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || + pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) { + error(-1, "Invalid 'pagesSize' parameter."); + goto err3; + }

Can you determine if tetex-bin, pdftohtml and xpdf have this in Sarge?

Micah
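Review bot: the added guard after `pagesSize += 32;` detects overflow by multiplying first and dividing back, which is fragile. If pagesSize is a signed int, as the `(int)` casts suggest, the product `pagesSize*(int)sizeof(Page *)` overflowing is undefined behaviour, so a compiler is free to assume the comparison never fails and drop the check. The division by an unsigned `sizeof` also forces a signed-to-unsigned conversion of that product, which makes the result hard to reason about on 64-bit targets. Comparing pagesSize against INT_MAX / sizeof(Page *) and INT_MAX / sizeof(Ref) before any multiplication would avoid both problems. Two smaller points: the increment `pagesSize += 32` itself is not range-checked before the guard runs, and on the `goto err3` path pagesSize is left at the enlarged value, so the cleanup code should not rely on it matching the allocated size.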
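One way to answer the question above across several unpacked source trees, as an added example that is not part of the original thread: it looks for the `pagesSize += 32;` growth step and reports whether the guard text from the quoted hunk follows within six lines. The function names and the six-line window are assumptions, and the match is purely textual, so "unpatched" means the copy needs manual review (for instance where the code looks different, as reported for woody), not that it is proven vulnerable.

```shell
#!/bin/sh
# Added example: flag embedded xpdf copies that grow pagesSize without the
# overflow guard from the hunk quoted in the thread. Names are hypothetical.

# check_file FILE -> "patched", "unpatched", or "n/a" (no pagesSize growth)
check_file() {
    awk '
        index($0, "pagesSize += 32;") { incs++; window = 6; next }
        window > 0 {
            # Guard text taken from the hunk; must follow within 6 lines.
            if (index($0, "sizeof(Page *)/sizeof(Page *) != pagesSize")) {
                guards++; window = 0
            } else window--
        }
        END {
            if (!incs) print "n/a"
            else print (guards == incs ? "patched" : "unpatched")
        }
    ' "$1"
}

# audit_tree DIR -> one "status<TAB>path" line per relevant source file
audit_tree() {
    find "$1" -type f \( -name '*.cc' -o -name '*.cpp' -o -name '*.c' \) |
    sort | while IFS= read -r f; do
        s=$(check_file "$f")
        [ "$s" = "n/a" ] || printf '%s\t%s\n' "$s" "$f"
    done
}

# make_sample DIR: constructed sample tree (not real package sources)
make_sample() {
    mkdir -p "$1/fixed" "$1/old"
    printf '%s\n' 'if (start >= pagesSize) {' '  pagesSize += 32;' \
      '  if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||' \
      '      pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {' \
      '    goto err3;' '  }' '}' > "$1/fixed/a.cc"
    printf '%s\n' 'if (start >= pagesSize) {' '  pagesSize += 32;' \
      '  pages = grow(pages, pagesSize);' '}' > "$1/old/b.cc"
    printf '%s\n' 'int unrelated;' > "$1/old/c.cc"
}

# Run as: sh audit.sh /path/to/unpacked/sources
if [ $# -gt 0 ]; then audit_tree "$1"; fi
```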

