[Secure-testing-team] Re: xpdf vulnerability?

Frank Küster frank at kuesterei.ch
Wed Mar 16 16:42:31 UTC 2005


[Seems I messed up the first attempt of this mail]

Frank Küster <frank at debian.org> wrote:

> Micah Anderson <micah at debian.org> wrote:
>
>> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
>
> This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> and perhaps others that include xpdf code.

Can anybody point me to a place where I can find the patch for the
64-bit-specific issue?  The CVE only lists the RedHat and Mandrake
security announcements, but I don't know how to get those source-rpm's.
I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the
right one, tetex-bin in sarge/unstable is vulnerable.  In woody the code
looks very different.

Regards, Frank

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer






More information about the Secure-testing-team mailing list