On 12 Aug, Martin Schröder wrote:
> On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
>> I don't know about 2005-2097, but the worst would be a crash of
>> pdfTeX. Is a patch around?
>
> I've found it and checked the code: The vulnerable code
> (fofi/FoFiTrueType.cc) is only called from the in
Martin Schroeder <[EMAIL PROTECTED]> wrote:
> On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
>> > Now I'm wondering which changes you have made to the upstream sources,
>> > and whether they were on purpose; and whether this makes teTeX
>> > non-vulnerable, or requires a different patch to fix
On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
> I don't know about 2005-2097, but the worst would be a crash of
> pdfTeX. Is a patch around?
I've found it and checked the code: The vulnerable code
(fofi/FoFiTrueType.cc) is only called from the interactive code
(xpdf/PShOutputDev.cc and xpd
On 2005-08-12 13:36:32 +0200, Thomas Esser wrote:
> > Now I'm wondering which changes you have made to the upstream sources,
> > and whether they were on purpose; and whether this makes teTeX
> > non-vulnerable, or requires a different patch to fix the vulnerability.
>
> For the reasons given abov
> This is why I'm contacting you, Thomas: Although according to the
> CHANGES file we should have xpdf-3.00 just as the xpdf package has, but
> at least one file (which should be patched) is missing in the teTeX
> sources.
The following changes are done to the original sources:
- xpdf/GlobalPara
Hello Thomas, hello Debian Security team,
Frank Küster <[EMAIL PROTECTED]> wrote:
> tetex-bin_3.0 in experimental is vulnerable.
This is about CAN-2005-2097, see
http://www.securityfocus.com/bid/14529/info. The provided patch (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322467) is said