On Sat, 2011-09-17 at 14:50 -0400, Michael Gilbert wrote: > I've decided that it's too risky to disable t1lib in lenny as the > version of freetype there has some known issues. > > Attached is a new debdiff for this proposed-update.
+xpdf (3.02-1.4+lenny4) oldstable-proposed-updates; urgency=low + + * Fix cve-2011-2902: insecure tempfile usage in zxpdf. + * Add NEWS.Debian with information about a set of unfixed t1lib issues + (cve-2011-0764, cve-2011-1552, cve-2011-1553, and cve-2011-1554). DSA 2388 appears to have resolved all of those issues, so I guess we could look at an update containing just the insecure tempfile change? Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
