Hilmar Preusse wrote:
> > > >> > I'm attaching the patch we're using for fixing woody.
> > > >>
> > > >> The patch was empty.
> > > >
> > > > Uh? How did that happen?
> > >
> > > Don't know. I would still be interested.
> >
> > It's basically the same as in this bug report, but it's bogus
> > as you correctly pointed out, since the program flow will end
> > in the case statement that is able to detect wrong values of
> > nComps.
> >
> So why is the hunk then included in the patch for xpdf 1.0 (DSA
> 619-1)? Why is it part of 3.00pl2 at all?

Because it's the upstream fix and doesn't harm. Contrary to tetex-bin
this is only a minor part of the correction for cups and xpdf. The
real vulnerability does not exist in tetex-bin, so there's no update
needed.

Regards,
Joey
--
A mathematician is a machine for converting coffee into theorems. Paul Erdös
Please always Cc to me when replying to me on the lists.