Comment 2 for bug 15018

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 05 Apr 2005 22:06:04 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: tetex-bin: CAN-2005-0064 fix was incomplete

--===============0832715301==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: tetex-bin
Version: 2.0.2-27
Severity: grave
Tags: security patch
Justification: user security hole

Dear TeX maintainers,
the patch you used to fix CAN-2005-0064 in -26 seems to have been derived from
xpdf 3.00-12, which unfortunately was missing a portion of the security fix
(the one that is referenced as xpdf 3.00pl3 at the xpdf website, this has been
fixed in xpdf 3.00-13). Attached patch provides the necessary fix for the
tetex-bin package.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages tetex-bin depends on:
ii debconf 1.4.47 Debian configuration management sy
ii debianutils 2.13.2 Miscellaneous utilities specific t
ii dpkg 1.10.27 Package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:4.0-0pre2 GCC support library
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libkpathsea3 2.0.2-27 path search library for teTeX (run
ii libpaper1 1.1.14-3 Library for handling paper charact
ii libpng12-0 1.2.8rel-1 PNG library - runtime
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3
ii libt1-5 5.0.2-3 Type 1 font rasterizer library - r
ii libwww0 5.4.0-9 The W3C WWW library
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxaw7 4.3.0.dfsg.1-12.0.1 X Athena widget set library
ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii libxmu6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii libxt6 4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii mime-support 3.31-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.4-8 Larry Wall's Practical Extraction
ii sed 4.1.4-2 The GNU sed stream editor
ii tetex-base 2.0.2c-7 Basic library files of teTeX
ii ucf 1.17 Update Configuration File: preserv
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime

-- debconf information excluded

--===============0832715301==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="tetex-bin-CAN-2005-0064-missing-check.diff"

diff -Naur tetex-bin-2.0.2.orig/libs/xpdf/xpdf/XRef.cc tetex-bin-2.0.2/libs/xpdf/xpdf/XRef.cc
--- tetex-bin-2.0.2.orig/libs/xpdf/xpdf/XRef.cc 2002-11-03 23:15:37.000000000 +0100
+++ tetex-bin-2.0.2/libs/xpdf/xpdf/XRef.cc 2005-04-05 21:46:31.000000000 +0200
@@ -481,6 +481,9 @@
  } else {
    keyLength = 5;
  }
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
  permFlags = permissions.getInt();
  if (encVersion >= 1 && encVersion <= 2 &&
      encRevision >= 2 && encRevision <= 3) {

--===============0832715301==--