severity 346086 important
tags 346086 + woody
# as discussed the bug is fixed in sid and sarge. In woody is a hunk
# missing, which could lead to a hang of xpdf. We consider this not to
# be critical. Lowering severity. Bug will be closed if the support
# for woody has ended.
stop
On 31.01.06
On 27.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote:
Hilmar Preusse [2006-01-27 9:56 +0100]:
Hi,
So, what is that now?
- a security leak, which must be fixed
- rather an inconvenience, which should be fixed?
For CUPS it was a real DoS which must be fixed, but for tetex-bin
it's just
Hilmar Preusse [EMAIL PROTECTED] wrote:
So, the last hunk seems not to exist in cupsys_1.1.14-5woody14.
Should we submit a bug against it?
Yes, definitely
Further I suggest to close the bug now or at least downgrade it to
important and close it as soon as the support for woody has ended.
notfound 346086 2.0.2-30sarge4
found 346086 1.0.7+20011202-7.7
stop
On 26.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote:
Hilmar Preusse [2006-01-23 18:30 +0100]:
Hi all,
On the DSA page Joey states, that the problem is solved for
oldstable too. The .orig.tar.gz contains a patched Stream.cc,
Hi Hilmar!
Hilmar Preusse [2006-01-27 9:56 +0100]:
This is precisely the fix that is required to avoid endless loops
with prematurely ending PDF files (CVE-2005-3625). So it is not
exploitable to execute any code or something, but it's still a
nasty DoS, particularly in Cups. So I would
Hi!
Hilmar Preusse [2006-01-23 18:30 +0100]:
On the DSA page Joey states, that the problem is solved for oldstable
too. The .orig.tar.gz contains a patched Stream.cc, which got the
same modifications as your patch contain, except the last hunk. I'm
attaching it. Could you evluate if the hunk
On 05.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote:
Hi Martin,
Chris Evans found some more integer overflows in the xpdf code [1]
which affect tetex-bin as well. [1] also has demo exploit PDFs for
patch checking.
See [2] for the Ubuntu debdiff.
This only affects sarge (and woody);
Package: tetex-bin
Version: 2.0.2-30
Severity: critical
Tags: security patch
Hi!
Chris Evans found some more integer overflows in the xpdf code [1] which affect
tetex-bin as well. [1] also has demo exploit PDFs for patch checking.
See [2] for the Ubuntu debdiff.
This only affects sarge (and
8 matches
Mail list logo