[Secure-testing-team] Re: xpdf vulnerability?
Hilmar Preusse
hille42 at web.de
Wed Mar 16 15:03:41 UTC 2005
On 16.03.05 Frank Küster (frank at debian.org) wrote:
> Frank Küster <frank at debian.org> wrote:
> > Micah Anderson <micah at debian.org> wrote:
Hi all,
> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in tetex-bin) and
> > pdftohtml, and perhaps others that include xpdf code.
>
> Can anybody point me to a place where I can find the patch for the
> 64-bit-specific issue?
>
I was looking for a while, but couldn't find anything.
> I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if
> that's the right one, tetex-bin in sarge/unstable is vulnerable.
> In woody the code looks very different.
>
Well, the xpdf-3.00pl3.patch was IIRC included in the latest
tetex-bin upload (CAN-2005-0064).
H.
--
If the girl you love moves in with another guy once, it's more than enough.
Twice, it's much too much. Three times, it's the story of your life.
More information about the Secure-testing-team
mailing list