Comment 18 for bug 11419

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 23 Dec 2004 18:41:51 +0100
From: Frank Küster <email address hidden>
To: Debian Bug Control Server <email address hidden>
Cc: teTeX maintainers <email address hidden>
Subject: Re: Bug#286984: marked as done (tetex-bin: Vulnerable to
 CAN-2004-1125)

reopen 286984
tags 286984 sarge
stop

> * SECURITY UPDATE:
> - Added debian/patches/patch-CAN-2004-1125 to fix a buffer overflow in
> PDF reading code that was taken from xpdf (closes: #286984). Thanks to
> Martin Pitt <email address hidden>, see
> http://www.idefense.com/application/poi/display?id=172 [frank]
> - Fixed insecure tempfile creation, thanks to Javier
> Fernández-Sanguino Peña <email address hidden> (closes: #286370) [frank]

I'm going to keep this open until this upload has entered sarge, just as
Adrian has suggested (and did) with CAN-2004-0888

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer