thr3ads.net - Secure testing team - [Secure-testing-team] Re: xpdf vulnerability? [Mar 2006]

If this information is useful, please help other people find it:
Share via:

Hilmar Preusse

2006-Mar-13 12:28 UTC

[Secure-testing-team] Re: xpdf vulnerability?

On 16.03.05 Frank K?ster (frank@debian.org) wrote:> Frank K?ster <frank@debian.org> wrote:
> > Micah Anderson <micah@debian.org> wrote:
Hi all,
> >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
> >
> > This also needs to be checked for pdftex (in tetex-bin) and
> > pdftohtml, and perhaps others that include xpdf code.
> 
> Can anybody point me to a place where I can find the patch for the
> 64-bit-specific issue?
> I was looking for a while, but couldn''t find anything.
> I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if
> that''s the right one, tetex-bin in sarge/unstable is vulnerable. 
> In woody the code looks very different.
> Well, the xpdf-3.00pl3.patch was IIRC included in the latest
tetex-bin upload (CAN-2005-0064).

H.
-- 
If the girl you love moves in with another guy once, it''s more than
enough.
Twice, it''s much too much.  Three times, it''s the story of
your life.

Secure testing team - Mar 2006 - Re: xpdf vulnerability?

[Secure-testing-team] Re: xpdf vulnerability?