Package: xpdf
Version: 3.02-12+squeeze1
Severity: grave

The current xpdf build copies part of the files of the upstream xpdf package into a fresh directory to then build this restricted subset and link against libpoppler which was forked from another subset of upstream xpdf.
xpdf/GlobalParams.cc is built, too, and its headers xpdf/GlobalParams.h are used, although libpoppler which is linked against has its own (significantly deviated) version of GlobalParams (the GlobalParams.h included from poppler.h is never actually used because the xpdf/ version is included first; if you change the inclusion order the build breaks).

The result is the running program's libpoppler part working with an old GlobalParams from xpdf/, which might break at some point or even expose a security issue.

This is not a bug that has, for me, manifested in actual misbehaviour or a security problem, but I haven't spent the time to generate one, and thought it might well be worth a bug report nevertheless. Decided to tag `grave' because I'm undecided about the actual severity, but I assume there is the potential.

-Jens Stimpfle
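
One way to check a build for the situation described in the report above, as an added example that is not part of the original bug report or of the xpdf or poppler sources: it compares the defined dynamic symbols of an executable and of a library it links against and lists the names that both define. The `nm` listings are constructed samples and the function names are hypothetical.

```python
# Constructed `nm -D --defined-only` listings (illustrative, not from real builds).
EXE_NM = """\
0000000000409f00 T main
0000000000412340 T _ZN12GlobalParamsC1EPc
0000000000412a10 T _ZN12GlobalParams11getErrQuietEv
0000000000634120 B globalParams
0000000000634100 B __bss_start
0000000000401000 T _init
"""
LIB_NM = """\
00000000000a1200 T _ZN12GlobalParamsC1Ev
00000000000a1c40 T _ZN12GlobalParams11getErrQuietEv
00000000000b0000 T _ZN6PDFDocD1Ev
00000000002f3008 B globalParams
00000000002f3000 B __bss_start
0000000000090000 T _init
                 U malloc
"""

# Linker/runtime symbols present in almost every ELF object; not interesting here.
RUNTIME = {"_init", "_fini", "_edata", "_end", "__bss_start"}


def defined_symbols(nm_text):
    """Return {name: type} for globally defined symbols in nm output."""
    symbols = {}
    for line in nm_text.splitlines():
        fields = line.split()
        if len(fields) != 3:  # undefined entries have no address column
            continue
        _addr, kind, name = fields
        if kind.isupper() and kind != "U":
            symbols[name] = kind
    return symbols


def defined_in_both(exe_nm, lib_nm):
    """Names that the executable and the library each define themselves."""
    exe, lib = defined_symbols(exe_nm), defined_symbols(lib_nm)
    return sorted(n for n in exe.keys() & lib.keys() if n not in RUNTIME)


if __name__ == "__main__":
    for name in defined_in_both(EXE_NM, LIB_NM):
        print("defined in both executable and library:", name)
```

In the constructed sample the two constructors carry different mangled names and so do not show up as an overlap; a matching name only marks a candidate, and the class definitions behind it still have to be compared by hand.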