
Bug#286984: CAN-2004-1125: Arbitrary code execution in tetex-bin



Frank Küster wrote:
> Martin Schulze <joey@infodrom.org> wrote:
> 
> > Hi Frank
> >
> > an iDEFENSE researcher noticed another buffer overflow in Xpdf that
> > could lead to the execution of arbitrary code in Xpdf.  Similar
> > code is also present in tetex-bin.  Hence, we'll need to roll an
> > update. 
> 
> This has been reported by Martin Pitt from Ubuntu as #286984, which has
> been Cc'ed to team@s.d.o. Didn't you get the mail?

I just saw it.

> > I'm attaching the patch we're using for fixing woody.
> 
> The patch was empty. 

Uh?  How did that happen?

> By the way, is there a way for an "ordinary maintainer" like me to get
> information about security problems in a timely manner? Like some
> announce list that can easily be filtered? The iDEFENSE advisory says
> beneath "timeline":
> 
> 12/21/2004  Coordinated public disclosure

My first trace of this is from December 21st as well.  iDEFENSE doesn't
coordinate and vendor refers to author in this case.  Since there was
some discussion, iDEFENSE may switch to using author or something in
the future.

Regards,

	Joey

-- 
Open source is important from a technical angle.             -- Linus Torvalds

Please always Cc to me when replying to me on the lists.


