* Message by -Devin Carraway- from Thu 2008-04-17:

> Package        : xpdf
> Vulnerability  : multiple
> Problem type   : local (remote)
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1693
 
[...]
> For the unstable distribution (sid), these problems were fixed in
> version 3.02-1.2.

Is that really the case?

I checked the file[1] and found no traces of the fix[2] in it.

[1] http://ftp.de.debian.org/debian/pool/main/x/xpdf/xpdf_3.02-1.3.diff.gz 
[2] http://ftp.de.debian.org/debian/pool/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz
    file debian/patches/36_CVE-2008-1693_embedded-font-typesafety.patch

Or maybe 3.02 does not need that fix (in contrast to 3.01)? But then, I found 
that the patch 36_CVE-2008-1693_embedded-font-typesafety.patch can be applied 
cleanly against 3.02 sources.

Thank you for a clarification.

Lasse
