Message-ID: <email address hidden>
Date: Tue, 13 Dec 2005 18:17:03 +0100
From: =?iso-8859-1?q?Frank_K=FCster?= <email address hidden>
To: Martin Schulze <email address hidden>
Cc: <email address hidden>, Debian Security Team <email address hidden>,
Martin Pitt <email address hidden>, Florian Weimer <email address hidden>
Subject: Re: Bug#342292: tetex-bin: Multiple exploitable heap overflows in
embedded xpdf copy
Martin Schulze <email address hidden> wrote:
>> Am I correct that the other issues that Florian found are not addressed
>> by any patch yet, and have not yet been widely published? Should I
>> delay an upload to sid until this can be fixed, too?
>
> Which issues? *phear*
Florian said that the new function gmallocn (used in xpdf >=3D 3.01 and
derivatives, but not in tetex-bin) isn't save, either.
I'm currently preparing an upload of tetex-bin linked against libpoppler.
Regards, Frank
--=20
Frank K=FCster
Inst. f. Biochemie der Univ. Z=FCrich
Debian Developer
Message-ID: <email address hidden> 1?q?Frank_ K=FCster? = <email address hidden>
Date: Tue, 13 Dec 2005 18:17:03 +0100
From: =?iso-8859-
To: Martin Schulze <email address hidden>
Cc: <email address hidden>, Debian Security Team <email address hidden>,
Martin Pitt <email address hidden>, Florian Weimer <email address hidden>
Subject: Re: Bug#342292: tetex-bin: Multiple exploitable heap overflows in
embedded xpdf copy
Martin Schulze <email address hidden> wrote:
>> Am I correct that the other issues that Florian found are not addressed
>> by any patch yet, and have not yet been widely published? Should I
>> delay an upload to sid until this can be fixed, too?
>
> Which issues? *phear*
Florian said that the new function gmallocn (used in xpdf >=3D 3.01 and
derivatives, but not in tetex-bin) isn't save, either.
I'm currently preparing an upload of tetex-bin linked against libpoppler.
Regards, Frank
--=20
Frank K=FCster
Inst. f. Biochemie der Univ. Z=FCrich
Debian Developer