Comment 60 for bug 26650

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 11 Dec 2005 13:27:37 +0100
From: Frank Küster <email address hidden>
To: Martin Schulze <email address hidden>
Cc: <email address hidden>, Debian Security Team <email address hidden>,
 Martin Pitt <email address hidden>, Florian Weimer <email address hidden>
Subject: Re: Bug#342292: tetex-bin: Multiple exploitable heap overflows in
 embedded xpdf copy

Martin Schulze <email address hidden> wrote:

> Frank Küster wrote:
>> Hi Joey,
>>
>> Martin Schulze <email address hidden> wrote:
>>
>> > The original patch was not sufficient. I'm attaching the entire and the
>> > incremental patch. Please apply the incremental patch to the version in
>> > sid as well.
>>
>> Did you see Martin Pitt's "enhanced" patch - do both address the same
>> problems?
>
> The appendix removes the duplicate Martin found, so yes.

I looked at both, and it seems that Martin's does more. I'm speaking of
the patch attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136

It introduces limits.h and does the same we did for the xpdf patches at
the beginning of the year, namely change code that can be optimized away
by compilers.

It seems to me that Martin Pitt's patch also has everything that yours
(Joey's) has, but I'm not completely sure; anyway it seems that also the
stable packages should use the code with limits.h.

Am I correct that the other issues that Florian found are not addressed
by any patch yet, and have not yet been widely published? Should I
delay an upload to sid until this can be fixed, too?

>> P.S. Did you see my mail to -release regarding the tetex-base upload to
>> stable/proposed-updates?
>
> No. Could you forward it?

Sent in a separate mail.

Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
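
The mail above mentions replacing checks that compilers can optimise away with ones based on limits.h. The following is an added illustration of that general pattern, not code from the tetex-bin or xpdf patches; the function names and sample sizes are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Fragile form: multiply first, then test for a wrapped result.
 * Signed overflow is undefined behaviour, so an optimising compiler may
 * assume the product never wraps and delete the "< 0" branch. */
void *alloc_array_fragile(int count, int elem_size)
{
    int bytes = count * elem_size;   /* undefined if it exceeds INT_MAX */
    if (bytes < 0)                   /* the check that can be optimised away */
        return NULL;
    return malloc((size_t)bytes);
}

/* Robust form: compare against INT_MAX from <limits.h> before multiplying.
 * No overflow can occur, so there is nothing for the compiler to remove.
 * Returns 1 and stores the byte count, or 0 if the request is invalid. */
int array_bytes_checked(int count, int elem_size, int *bytes_out)
{
    if (count < 0 || elem_size <= 0)
        return 0;
    if (count > INT_MAX / elem_size) /* product would not fit in an int */
        return 0;
    *bytes_out = count * elem_size;
    return 1;
}

void *alloc_array_checked(int count, int elem_size)
{
    int bytes;
    if (!array_bytes_checked(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes > 0 ? (size_t)bytes : 1);
}

int main(void)
{
    /* Constructed sample sizes: one ordinary request, one that would wrap. */
    int bytes = 0;
    printf("10 x 4: ok=%d\n", array_bytes_checked(10, 4, &bytes));
    printf("INT_MAX x 8: ok=%d\n", array_bytes_checked(INT_MAX, 8, &bytes));
    void *p = alloc_array_checked(INT_MAX, 8);
    printf("oversized allocation %s\n", p == NULL ? "refused" : "granted");
    free(p);
    return 0;
}
```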