Package: pdfedit
Version: 0.4.2-1
Severity: important

Hi,

while downloading the source of pdfedit to handle bug 510784, I came across copies of:

 * xpdf code (3.02 - 2007-Feb-27 - 4 Debian revisions since then, of which 6 fixed CVEs)
 * kpdf code (from KDE 3.3.2 - 2005-May-10 - KPDF 0.1 - Actual version in Lenny is the one from KDE 3.5.9)

Checking atimes before and after building on files in both of those directories tends to show that they are used in the compilation. The produced binary visibly includes the xpdf and kpdf code.

This code duplication is a security risk for pdfedit users, furthermore with such old code.

Best regards,

OdyX

-- System Information:
Debian Release: 5.0
  APT prefers testing-proposed-updates
  APT policy: (750, 'testing-proposed-updates'), (700, 'testing'), (600, 'unstable'), (50, 'testing-proposed-updates'), (50, 'experimental'), (50, 'unstable'), (50, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pdfedit depends on:
ii  libc6         2.7-16             GNU C Library: Shared libraries
ii  libfreetype6  2.3.7-2            FreeType 2 font engine, shared lib
ii  libgcc1       1:4.3.2-1          GCC support library
ii  libqt3-mt     3:3.3.8b-5         Qt GUI Library (Threaded runtime v
ii  libstdc++6    4.3.2-1            The GNU Standard C++ Library v3
ii  libx11-6      2:1.1.5-2          X11 client-side library
ii  libxext6      2:1.0.4-1          X11 miscellaneous extension librar
ii  zlib1g        1:1.2.3.3.dfsg-12  compression library - runtime

pdfedit recommends no packages.

pdfedit suggests no packages.

-- no debconf information
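
The atime check described in the report, written out as a script. This is an added example, not part of the original bug report: the two timestamps, the script name and the directory name in the usage comment are assumptions, and it requires GNU find/touch/stat and a filesystem that is not mounted noatime.

```shell
#!/bin/sh
# Added example (not from the original report): list the files under a source
# directory that a build command actually reads, using access times.

OLD='2000-01-01 00:00:00'   # arbitrary past timestamp (assumption)
REF='2000-01-02 00:00:00'   # any instant between OLD and now (assumption)

# atime_works DIR: succeed if reading a file in DIR updates its atime.
# Fails on noatime mounts, where the whole method gives false negatives.
atime_works() {
    probe=$(mktemp "$1/.atime-probe.XXXXXX") || return 2
    echo probe > "$probe"
    touch -a -d "$OLD" "$probe"
    before=$(stat -c %X "$probe")
    cat "$probe" > /dev/null
    after=$(stat -c %X "$probe")
    rm -f "$probe"
    [ "$after" -ne "$before" ]
}

# list_used DIR CMD...: run CMD, then print the files in DIR that it read.
list_used() {
    dir=$1; shift
    atime_works "$dir" || { echo "atime not updated in $dir (noatime?)" >&2; return 2; }
    ref=$(mktemp) || return 2
    touch -d "$REF" "$ref"
    # Age every atime. touch also bumps ctime, so even under relatime
    # the next read of a file refreshes its atime.
    find "$dir" -type f -exec touch -a -d "$OLD" {} +
    "$@" >&2                        # build output goes to stderr
    rc=$?
    find "$dir" -type f -anewer "$ref" | sort
    rm -f "$ref"
    return $rc
}

# Run as a script: ./used-by-build.sh xpdf make   (names are placeholders)
if [ "$#" -ge 2 ]; then
    list_used "$@"
fi
```

A file that appears in the output was opened and read during the build; that shows use in compilation but not by itself that its code ended up in the binary, which the report checks separately.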