Debian
tetex-bin package

  1. Bug #11419
  2. Comment #15

Comment 15 for bug 11419

Revision history for this message
In , Hilmar Preusse (hille42) wrote : Re: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125

On 23.12.04 Frank Küster (<email address hidden>) wrote:
> Hilmar Preusse <email address hidden> schrieb:

Hi,

> > Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> > vulnerable code.
>
> I must be blind (or you looked at something different: I looked at
> the code in tetex-bin_1.0.7+20011202-7.3, which does not contain
> xpdf-1.0, but 0.92). I couldn't find it in these sources; the
> vulnerable part after
>
> // get the mask
>
> is missing.
>
Yes, you're right. Sorry! I had a look at the source code of xpdf
1.00, cause I believed this is the version contained in teTeX 1.0.7.
The first part of your patch doesn't fit into xpdf 0.92, however the
second part does. I'm not sure if this part is still part of the CAN.

Regards,
  Hilmar
--
sigmentation fault