[Seems I messed up the first attempt of this mail]
Frank K?ster <frank@debian.org> wrote:
> Micah Anderson <micah@debian.org> wrote:
>
>> 7. Is our xpdf vulnerable to CAN-2005-0206[13]?
>
> This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
> and perhaps others that include xpdf code.
Can anybody point me to a place where I can find the patch for the
64-bit-specific issue? The CVE only lists the RedHat and Mandrake
security announcements, but I don''t know how to get those
source-rpm''s.
I found ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch - if that''s
the
right one, tetex-bin in sarge/unstable is vulnerable. In woody the code
looks very different.
Regards, Frank
--
Frank K?ster
Inst. f. Biochemie der Univ. Z?rich
Debian Developer