© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Message-ID: <20041226214430
Date: Sun, 26 Dec 2004 22:44:30 +0100
From: Hilmar Preusse <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#286984: tetex-bin: Vulnerable to CAN-2004-1125
On 23.12.04 Frank K�(<email address hidden>) wrote:
> Hilmar Preusse <email address hidden> schrieb:
Hi,
> > Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> > vulnerable code.
>
> I must be blind (or you looked at something different: I looked at
> the code in tetex-bin_
> xpdf-1.0, but 0.92). I couldn't find it in these sources; the
> vulnerable part after
>
> // get the mask
>
> is missing.
>
Yes, you're right. Sorry! I had a look at the source code of xpdf
1.00, cause I believed this is the version contained in teTeX 1.0.7.
The first part of your patch doesn't fit into xpdf 0.92, however the
second part does. I'm not sure if this part is still part of the CAN.
Regards,
Hilmar
--
sigmentation fault