Package: tetex-bin
Version: 3.0-13
Severity: normal
Tags: patch security

Hi!

tetex-bin 3.0 contains a copy of libgd2 source code in libs/gd. libgd2 had a recent security flaw that allows malicious graphic files to trigger an endless loop. This is not a big deal, but it should get fixed eventually. [1] has the original libgd2 patch.

libgd2 had more serious vulnerabilities in the past (CVE-2004-0990, CVE-2004-0941), though. The best solution would be to build against the system libgd2 library instead of using a code copy.

This does not affect 2.0.2, thus Sarge is not affected. (Even if it was, a security update wouldn't be warranted, given that it is a client application and no long-running server).

Thank you,

Martin

[1] http://people.ubuntu.com/patches/libgd2.CVE-2006-2906.diff

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?