[Secure-testing-team] Re: xpdf vulnerability?
Frank Küster
frank at kuesterei.ch
Wed Mar 16 16:42:31 UTC 2005
[Seems I messed up the first attempt of this mail]
Frank Küster <frank at debian.org> wrote:
> Micah Anderson <micah at debian.org> wrote:
>
>> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
>
> This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> and perhaps others that include xpdf code.
Can anybody point me to a place where I can find the patch for the
64-bit-specific issue? The CVE only lists the RedHat and Mandrake
security announcements, but I don't know how to get those source-rpm's.
I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that's the
right one, tetex-bin in sarge/unstable is vulnerable. In woody the code
looks very different.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
More information about the Secure-testing-team
mailing list