Frank Küster wrote:
> >> Package: xpdf-reader
> >> Version: 3.00-14
> >> Severity: important
> >> Tags: security
> >>
> >> A DoS vulnerability has been found in xpdf: PDFs with specially crafted
> >> loca tables can fill up /tmp. It seems as if the upcoming 3.01 will
> >> contain a patch.
> >
> > Thanks for the heads-up. I'll be sure to upload 3.01 as soon as it's
> > released. The work I did in 3.00-14 (ie switching to dpatch) should make
> > it fairly easy to migrate to the new version.
>
> There's already a patch at ftp://ftp.kde.org/pub/kde/security_patches/,
> I'm attaching it along with the signature file.
Ubuntu has an xpdf specific patch as well. It's "hidden" in the complete
diff with other fixes, so it's probably easiest to ask Martin Pitt, the
Ubuntu security guy, for the concrete patch.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
