Comment 35 for bug 11419

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 31 Dec 2004 13:19:36 +0100
From: Martin Schulze <email address hidden>
To: Hilmar Preusse <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin

Hilmar Preusse wrote:
> > > >> > I'm attaching the patch we're using for fixing woody.
> > > >>
> > > >> The patch was empty.
> > > >
> > > > Uh? How did that happen?
> > >
> > > Don't know. I would still be interested.
> >
> > It's basically the same as in this bug report, but it's bogus
> > as you correctly pointed out, since the program flow will end
> > in the case statement that is able to detect wrong values of
> > nComps.
> >
> So why is the hunk then included in the patch for xpdf 1.0 (DSA
> 619-1)? Why is it part of 3.00pl2 at all?

Because it's the upstream fix and doesn't harm. Contrary to tetex-bin
this is only a minor part of the correction for cups and xpdf. The
real vulnerability does not exist in tetex-bin, so there's no update
needed.

Regards,

 Joey

-- 
A mathematician is a machine for converting coffee into theorems. Paul Erdös

Please always Cc to me when replying to me on the lists.