Message-ID: <email address hidden>
Date: Sun, 11 Dec 2005 13:27:37 +0100
From: Frank Küster <email address hidden>
To: Martin Schulze <email address hidden>
Cc: <email address hidden>, Debian Security Team <email address hidden>,
Martin Pitt <email address hidden>, Florian Weimer <email address hidden>
Subject: Re: Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Martin Schulze <email address hidden> wrote:
> Frank Küster wrote:
>> Hi Joey,
>>
>> Martin Schulze <email address hidden> wrote:
>>
>> > The original patch was not sufficient. I'm attaching the entire and the
>> > incremental patch. Please apply the incremental patch to the version in
>> > sid as well.
>>
>> Did you see Martin Pitt's "enhanced" patch - do both address the same
>> problems?
>
> The appendix removes the duplicate Martin found, so yes.

I looked at both, and it seems that Martin's does more. I'm speaking of
the patch attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136
It introduces limits.h and does the same we did for the xpdf patches at
the beginning of the year, namely change code that can be optimized away
by compilers.
It seems to me that Martin Pitt's patch also has everything that yours
(Joey's) has, but I'm not completely sure; anyway it seems that also the
stable packages should use the code with limits.h.
Am I correct that the other issues that Florian found are not addressed
by any patch yet, and have not yet been widely published? Should I
delay an upload to sid until this can be fixed, too?

>> P.S. Did you see my mail to -release regarding the tetex-base upload to
>> stable/proposed-updates?
>
> No. Could you forward it?
Sent in a separate mail.
Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
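
The message's point about limits.h and checks that compilers can optimize away, as an added C example (not code from the xpdf or tetex-bin patches; all function names are hypothetical). A size check that multiplies first and tests the result depends on signed overflow, which is undefined behaviour, while a comparison against INT_MAX happens before the multiplication and cannot be dropped.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Fragile form, shown for comparison (hypothetical, not the patch code).
 * Signed overflow is undefined behaviour, so the compiler may assume the
 * product never wraps and drop the test that follows it. */
int array_size_fragile(int n, int elem_size, int *out)
{
    int size = n * elem_size;              /* UB if the product > INT_MAX */
    if (size < 0 || (elem_size != 0 && size / elem_size != n))
        return -1;                         /* may be optimized away */
    *out = size;
    return 0;
}

/* Robust form: compare against INT_MAX from limits.h before multiplying,
 * so no overflowing arithmetic is ever evaluated. */
int array_size_checked(int n, int elem_size, int *out)
{
    if (n < 0 || elem_size <= 0)
        return -1;
    if (n > INT_MAX / elem_size)           /* product would not fit in int */
        return -1;
    *out = n * elem_size;
    return 0;
}

/* Allocation wrapper that refuses any count the check rejects. */
void *alloc_array(int n, int elem_size)
{
    int size;
    if (array_size_checked(n, elem_size, &size) != 0 || size == 0)
        return NULL;
    return malloc((size_t)size);
}

int main(void)
{
    /* Constructed inputs: one ordinary count, one that would overflow. */
    int counts[] = { 1000, INT_MAX / 8 + 1 };
    for (int i = 0; i < 2; i++) {
        int size = 0;
        int rc = array_size_checked(counts[i], 8, &size);
        printf("n=%d -> %s\n", counts[i], rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```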