Comment 68 for bug 26650

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 12 Dec 2005 08:52:39 +0100
From: Martin Schulze <email address hidden>
To: Frank Küster <email address hidden>
Cc: <email address hidden>, Debian Security Team <email address hidden>,
 Martin Pitt <email address hidden>, Florian Weimer <email address hidden>
Subject: Re: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Hi Frank!

Frank Küster wrote:
> I looked at both, and it seems that Martin's does more. I'm speaking of
> the patch attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136
>
> It introduces limits.h and does the same we did for the xpdf patches at
> the beginning of the year, namely change code that can be optimized away
> by compilers.

*sigh* You are correct. I'll add the missing bits as well.

> It seems to me that Martin Pitt's patch also has everything that yours
> (Joey's) has, but I'm not completely sure; anyway it seems that also the
> stable packages should use the code with limits.h.

Aye.

> Am I correct that the other issues that Florian found are not addressed
> by any patch yet, and have not yet been widely published? Should I
> delay an upload to sid until this can be fixed, too?

Which issues? *phear*

Regards,

 Joey

-- 
If nothing changes, everything will remain the same. -- Barne's Law

Please always Cc to me when replying to me on the lists.