Frank Küster
2007-Jul-16 09:08 UTC
[Secure-testing-team] Embedded xpdf code: new incarnation found
Hi, is there some publically available list of packages which contain xpdf code? I think I have found a new one: ,---- ipe-6.0pre28/debian/copyright | Ipe uses [...], as well as some code | from Xpdf by Derek B. Noonburg (www.foolabs.com/xpdf). `---- Regards, Frank -- Frank K?ster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Z?rich Debian Developer (teTeX/TeXLive)
harl at marsmenschen.com
2007-Jul-16 09:50 UTC
[Secure-testing-team] Embedded xpdf code: new incarnation found
Hi Frank, there is a wiki page @ http://wiki.debian.org/EmbeddedCodeCopies Regards, Florian> Hi, > > is there some publically available list of packages which contain xpdf > code? I think I have found a new one: > > ,---- ipe-6.0pre28/debian/copyright > | Ipe uses [...], as well as some code > | from Xpdf by Derek B. Noonburg (www.foolabs.com/xpdf). > `---- > > Regards, Frank > -- > Frank K?ster > Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. > Z?rich > Debian Developer (teTeX/TeXLive) > > _______________________________________________ > Secure-testing-team mailing list > Secure-testing-team at lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team >
Frank Küster
2007-Jul-16 10:09 UTC
[Secure-testing-team] Embedded xpdf code: new incarnation found
harl at marsmenschen.com wrote:> Hi Frank, > > there is a wiki page @ http://wiki.debian.org/EmbeddedCodeCopies... which refers to http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file You might want to add ipe to xpdf copies, but it uses only a tiny amount of code. What makes it a bit harder is that it doesn''t use original filenames, instead three files contain "Taken from Xpdf 2.01, Copyright 2001-2002 Glyph & Cog, LLC" (or without the version number). Those are src/ipecanvas/ipestdfonts.cpp, src/ipecanvas/ipefonts.cpp, and src/ipelib/ipedct.cpp. I don''t think that xpdf security issues, if they show up at all, are much of a problem in this case. Regards, Frank -- Frank K?ster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Z?rich Debian Developer (teTeX/TeXLive)