On 18.03.05 Micah Anderson ([EMAIL PROTECTED]) wrote: > On Wed, 16 Mar 2005, Frank K�ster wrote:
Hi .*, > > Can anybody point me to a place where I can find the patch for > > the 64-bit-specific issue? The CVE only lists the RedHat and > > Mandrake security announcements, but I don't know how to get > > those source-rpm's. I found > > ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the > > right one, tetex-bin in sarge/unstable is vulnerable. In woody > > the code looks very different. > > Unfortunately, it takes some deep digging sometimes. I've had to > email the security announce mailing address to find specific > patches before. Surprisingly, they responded... > Great! Now I found out that the patch was only two links away from the RHSA :-(. > I searched Redhat's Bugzilla, and found this: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 > > Can you determine if tetex-bin, pdftohtml and xpdf have this in > Sarge? > As thex extension to CAN-2004-0888 (CAN-2005-0206) came in after the latest tetex-bin upload we can't have the fix in sarge. I'll file a bug against tetex-bin and I guess Frank will upload ASAP. I'll check the woody version too. H. -- Deliver yesterday, code today, think tomorrow. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
