Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-03-03 Thread Hilmar Preusse
severity 346086 important tags 346086 + woody # as discussed the bug is fixed in sid and sarge. In woody is a hunk # missing, which could lead to a hang of xpdf. We consider this not to # be critical. Lowering severity. Bug will be closed if the support # for woody has ended. stop On 31.01.06

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-31 Thread Hilmar Preusse
On 27.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote: Hilmar Preusse [2006-01-27 9:56 +0100]: Hi, So, what is that now? - a security leak, which must be fixed - rather an inconvenience, which should be fixed? For CUPS it was a real DoS which must be fixed, but for tetex-bin it's just

Bug#346086: [SPAM?]: Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-31 Thread Frank Küster
Hilmar Preusse [EMAIL PROTECTED] wrote: So, the last hunk seems not to exist in cupsys_1.1.14-5woody14. Should we submit a bug against it? Yes, definitely Further I suggest to close the bug now or at least downgrade it to important and close it as soon as the support for woody has ended.

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-27 Thread Hilmar Preusse
notfound 346086 2.0.2-30sarge4 found 346086 1.0.7+20011202-7.7 stop On 26.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote: Hilmar Preusse [2006-01-23 18:30 +0100]: Hi all, On the DSA page Joey states, that the problem is solved for oldstable too. The .orig.tar.gz contains a patched Stream.cc,

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-27 Thread Martin Pitt
Hi Hilmar! Hilmar Preusse [2006-01-27 9:56 +0100]: This is precisely the fix that is required to avoid endless loops with prematurely ending PDF files (CVE-2005-3625). So it is not exploitable to execute any code or something, but it's still a nasty DoS, particularly in Cups. So I would

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-26 Thread Martin Pitt
Hi! Hilmar Preusse [2006-01-23 18:30 +0100]: On the DSA page Joey states, that the problem is solved for oldstable too. The .orig.tar.gz contains a patched Stream.cc, which got the same modifications as your patch contain, except the last hunk. I'm attaching it. Could you evluate if the hunk

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-23 Thread Hilmar Preusse
On 05.01.06 Martin Pitt ([EMAIL PROTECTED]) wrote: Hi Martin, Chris Evans found some more integer overflows in the xpdf code [1] which affect tetex-bin as well. [1] also has demo exploit PDFs for patch checking. See [2] for the Ubuntu debdiff. This only affects sarge (and woody);

Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

2006-01-05 Thread Martin Pitt
Package: tetex-bin Version: 2.0.2-30 Severity: critical Tags: security patch Hi! Chris Evans found some more integer overflows in the xpdf code [1] which affect tetex-bin as well. [1] also has demo exploit PDFs for patch checking. See [2] for the Ubuntu debdiff. This only affects sarge (and