* Message by -Devin Carraway- from Thu 2008-04-17:
> Package : xpdf
> Vulnerability : multiple
> Problem type : local (remote)
> Debian-specific: no
> CVE Id(s) : CVE-2008-1693
[...]
> For the unstable distribution (sid), these problems were fixed in
> version 3.02-1.2.

Is that really the case? I checked the file[1] and found no traces from the fix[2] in it.

[1] http://ftp.de.debian.org/debian/pool/main/x/xpdf/xpdf_3.02-1.3.diff.gz
[2] http://ftp.de.debian.org/debian/pool/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz
    file debian/patches/36_CVE-2008-1693_embedded-font-typesafety.patch

Or maybe 3.02 does not need that fix (in contrast to 3.01)? But then, I found that the patch 36_CVE-2008-1693_embedded-font-typesafety.patch can be applied cleanly against 3.02 sources.

Thank you for a clarification.

Lasse