Dear security team,

Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:

> Package: tetex-bin
> Version: 3.0-10.1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Multiple exploitable security problems have been found in xpdf, which are
> all present in tetex-bin's embedded xpdf copy as well

A patch is provided by upstream, and I'll be able to upload a fixed version to sid in the next 2 or three days. However, since I'm currently busy with real-life issues, I will *NOT* be able to backport the patch to the stable version of tetex-bin, nor work on the numerous other packages that contain xpdf code and that I have prepared patches for or NMU'ed previously in similar cases.

Note also that testing still has the same upstream version as stable, and other issues prevent the new version from migrating from sid to testing soon.

Regards, Frank

P.S. Is anybody in contact with the xpdf upstream about providing a dynamically shared library, or at least get clarification whether they think distributions should try libpoppler instead? If not, would the security team allow me to quote them as "We would very much appreciate if such a library existed, and would urge maintainers and upstream developers to switch to using it"?

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer