Comment 11 for bug 26650

In , Frank Küster (frank-debian) wrote : Re: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?

Martin Pitt <email address hidden> wrote:

> Hi!
>
> I'm currently preparing Ubuntu security updates for these issues, and
> I noticed that the upstream provided patch is wrong. I sent the mail
> below to upstream (and some others).
>
> Can you please check that you indeed fixed (tetex-bin)/will fix
> (poppler) DCTStream::readProgressiveSOF(), too?
[...]
> It seems that the patch linked from these advisories [1] is a little
> bit flawed: it checks numComps twice in DCTStream::readBaselineSOF(),
> but does not check it in DCTStream::readProgressiveSOF().

We have the same flaw in our upload. Would you be so kind and check the
updated patch at

http://svn.debian.org/wsvn/pkg-tetex/tetex-bin/trunk/debian/patches/patch-CVE-2005-3191+2+3?op=file&rev=0&sc=0

I'm completely illiterate in C++, and would like to make sure this is
correct.

Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer