On 12 Aug, Martin Schröder wrote:
> On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
>> I don't know about 2005-2097, but the worst would be a crash of
>> pdfTeX. Is a patch around?
>
> I've found it and checked the code: The vulnerable code
> (fofi/FoFiTrueType.cc) is only called from the in
On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
> I don't know about 2005-2097, but the worst would be a crash of
> pdfTeX. Is a patch around?
I've found it and checked the code: The vulnerable code
(fofi/FoFiTrueType.cc) is only called from the interactive code
(xpdf/PShOutputDev.cc and xpd
On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
> > Now I'm wondering which changes you have made to the upstream sources,
> > and whether they were on purpose; and whether this makes teTeX
> > non-vulnerable, or requires a different patch to fix the vulnerability.
>
> For the reasons given abov
> This is why I'm contacting you, Thomas: Although according to the
> CHANGES file we should have xpdf-3.00 just as the xpdf package has, but
> at least one file (which should be patched) is missing in the teTeX
> sources.
The following changes are done to the original sources:
- xpdf/GlobalPara
Hello Thomas, hello Debian Security team,
Frank Küster <[EMAIL PROTECTED]> wrote:
> tetex-bin_3.0 in experimental is vulnerable.
This is about CAN-2005-2097, see
http://www.securityfocus.com/bid/14529/info. The provided patch (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322467) is said
found 322467 3.0-5
thanks
Hilmar Preusse <[EMAIL PROTECTED]> wrote:
> Package: tetex-bin
> Version: 2.0.2-31
> Severity: grave
> Tags: patch
> Justification: can result in disk consumption and ultimately lead to a denial
> of service condition.
>
> Just a reminder,
>
> http://www.securityfocus.c
tags 322467 + experimental
stop
On 10.08.05 Hilmar Preusse ([EMAIL PROTECTED]) wrote:
> Package: tetex-bin
> Version: 2.0.2-31
> Severity: grave
> Tags: patch
>
> Just a reminder,
>
> http://www.securityfocus.com/bid/14529/info
>
Martin Pitt gave me the hint that teTeX from stable is not
vuln
Package: tetex-bin
Version: 2.0.2-31
Severity: grave
Tags: patch
Justification: can result in disk consumption and ultimately lead to a denial
of service condition.
Just a reminder,
http://www.securityfocus.com/bid/14529/info
Ubuntu^1 already fixed the xpdf packages. I guess we're affected too,