Hi, This DSA made me aware that there might be a problem in texlive. It contains a changed copy of libicu; the changes are needed by xetex, and xetex upstream intends to have them merged. But for the time being, the code copy is there.
I fear I won't have time to work on a security update of texlive right now, and Norbert is busy as well. I have added the information to embedded-code-copies, a diff (which also includes some more TeXLive-related corrections) is attached. Regards, Frank -- Dr. Frank Küster Debian Developer (TeXLive) VCD Aschaffenburg-Miltenberg, ADFC Miltenberg B90/Grüne KV Miltenberg
--- embedded-code-copies.orig 2009-09-17 11:26:34.000000000 +0200 +++ embedded-code-copies 2009-09-17 11:32:57.000000000 +0200 @@ -98,9 +98,8 @@ </code><code> [etch] - pdftohtml <unfixed> </code><code> NOTE: has been replaced by poppler-utils </code><code> - kdegraphics 4:4.2.2-1 (embed; bug #436164) -</code><code> - texlive-base 3.0-12 (embed) </code><code> - texlive-bin 2007-1 (embed) -</code><code> NOTE: links to poppler +</code><code> NOTE: unused code, links to poppler instead </code><code> - koffice <unfixed> (embed; bug #436163) </code><code> - libextractor 0.5.12-1 (embed) </code><code> NOTE: libextractor is using its own pdf decoder now @@ -577,7 +576,9 @@ </code><code> </code><code>t1lib </code><code> - tetex-bin 2.0.2-1 (embed) -</code><code> - texlive-bin <unknown> (embed) +</code><code> - texlive-bin <not-affected> (embed) +</code><code> NOTE: completely unused code (configured with +</code><code> --with-system-t1lib, but no Build-dep on t1) </code><code> </code><code>guichan </code><code> - boswars <unfixed> (embed) @@ -996,6 +997,11 @@ </code><code> </code><code>pidgin </code><code> - gaim <old-version> +</code><code>icu +</code><code> - texlive-bin <unfixed> (embed) +</code><code> NOTE: The embedded copy is kind-of-a-fork, +</code><code> upstream is working with icu to get changes +</code><code> merged back. </code><code></PRE> </code><code></code> </div> <p>
