Comment 19 for bug 14171

Message-ID: <email address hidden>
Date: Tue, 22 Mar 2005 12:49:06 +0100
From: =?iso-8859-1?q?Frank_K=FCster?= <email address hidden>
To: Martin Pitt <email address hidden>
Cc: <email address hidden>, Joey Hess <email address hidden>,
        Hilmar Preusse
 <email address hidden>
Subject: Re: Bug#300182: tetex-bin still vulnerable to CAN-2004-0888
 (CAN-2005-0206)

Hi Martin,

Hilmar Preusse <email address hidden> wrote:

> On 18.03.05 Joey Hess (<email address hidden>) wrote:
>> Hilmar Preusse wrote:
>
> Hi,
>
>> > As recently discovered the patch, which fixed CAN-2004-0888,
>> > seems to be broken on all 64bit platforms (tested only on ia64
>> > though).[1]
>>=20
>> Note that CAN-2005-0206 has been assigned for this issue.
>>=20
>> BTW, since you were able to track this one down, do you have any
>> info about the other packages (cupsys, xpdf, etc) that also has
>> CAN-2004-0888? Do they also need fixes, and do you have a patch for
>> them?
>>=20
> Martin Pitt <martin <at> piware.de> told me, that tetex-bin is not
> vulnerable as the file debian/patches/patch-CAN-2004-0888 continas
> not the original patch form the xpdf developer, but already a fixed
> version of the patch.

Martin, good to hear that. Did you also read the other messages in this
thread, namely Hamish's confusion about CAN-2004-0888 vs. CAN-2004-0889?
And, by the way, why didn't you answer to the bug, or the security
list(s)?=20

Regards, Frank
--=20
Frank K=FCster
Inst. f. Biochemie der Univ. Z=FCrich
Debian Developer