> Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> vulnerable code.
I must be blind (or you looked at something different: I looked at the
code in tetex-bin_1.0.7+20011202-7.3, which does not contain xpdf-1.0,
but 0.92). I couldn't find it in these sources; the vulnerable part after
// get the mask
is missing.
TIA, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Hilmar Preusse <email address hidden> schrieb:
> Thanks for the report! Hmm, xpdf 1.0 contains exactly the same
> vulnerable code.
I must be blind (or you looked at something different: I looked at the 1.0.7+20011202- 7.3, which does not contain xpdf-1.0,
code in tetex-bin_
but 0.92). I couldn't find it in these sources; the vulnerable part after
// get the mask
is missing.
TIA, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer