Comment 9 for bug 11419

Message-ID: <email address hidden>
Date: Thu, 23 Dec 2004 17:28:49 +0100
From: Martin Pitt <email address hidden>
To: <email address hidden>
Subject: Re: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125

--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Hilmar!

Hilmar Preusse [2004-12-23 15:37 +0100]:
> > You can get the Ubuntu security update patch from
> >=20
> > http://patches.ubuntu.com/patches/tetex-bin.CAN-2004-1125.diff
> >=20
> , which is not much more than
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch + the Debian/Ubuntu
> specific stuff.=20

Right; to the contrary, it is even a bit shorter than the original
patch. I included it more or less only for the sake of completeness
:-)

> The original report e.g. on
> http://www.auscert.org.au/render.html?it=3D4651 .
>=20
> Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> vulnerable code. I guess there will be another tetex for stable soon.

I did not look into that. If stable is affected, too, then can you
please keep track of the release tags?

Merry Christmas!

Martin

--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFByvJBDecnbV4Fd/IRAoeUAKDBPVBu2b4auzYHC9MjJIp/+3tjjgCffXJH
gMcCSgObsPyu23n+gn+GeMc=
=JlVb
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--