Re: xpdf code security, removal of pdftohtml

2008-06-20 Thread Philipp Kern
On Sat, Jun 21, 2008 at 12:39:09AM +1000, Hamish Moffatt wrote: > On Thu, Jun 19, 2008 at 05:08:17PM +0200, Philipp Kern wrote: > > On Fri, Jun 06, 2008 at 01:19:12PM +0200, Philipp Kern wrote: > > > On Sat, Jan 05, 2008 at 05:40:13PM +0100, Frederic Peters wrote: > > > > I am the maintainer of pdf

Re: xpdf code security, removal of pdftohtml

2008-06-20 Thread Hamish Moffatt
On Thu, Jun 19, 2008 at 05:08:17PM +0200, Philipp Kern wrote: > On Fri, Jun 06, 2008 at 01:19:12PM +0200, Philipp Kern wrote: > > On Sat, Jan 05, 2008 at 05:40:13PM +0100, Frederic Peters wrote: > > > I am the maintainer of pdftohtml, it embeds code from xpdf, and can be > > > replaced by pdftohtml

Re: xpdf code security, removal of pdftohtml

2008-06-19 Thread Philipp Kern
On Fri, Jun 06, 2008 at 01:19:12PM +0200, Philipp Kern wrote: > On Sat, Jan 05, 2008 at 05:40:13PM +0100, Frederic Peters wrote: > > I am the maintainer of pdftohtml, it embeds code from xpdf, and can be > > replaced by pdftohtml from poppler-utils; this has been the case in sid > > for months (pac

Re: xpdf code security, removal of pdftohtml

2008-06-06 Thread Philipp Kern
On Sat, Jan 05, 2008 at 05:40:13PM +0100, Frederic Peters wrote: > I am the maintainer of pdftohtml, it embeds code from xpdf, and can be > replaced by pdftohtml from poppler-utils; this has been the case in sid > for months (package got removed from sid/lenny in June) and nobody > complained about

Re: xpdf code security, removal of pdftohtml

2008-01-19 Thread Luk Claes
Frederic Peters wrote: > Hello, > > xpdf has a long history of security problems, and got its code > duplicated in a lot of packages. All of this has to be tracked > by the security team and this is a serious burden. > > As Moritz wrote: > >>> the whole xpdf mess is just insane: There's another

Re: xpdf code security, removal of pdftohtml

2008-01-17 Thread Moritz Muehlenhoff
Frederic Peters wrote: > There is a pdftohtml package converted to be a transitional package > available at http://people.debian.org/~fpeters/pdftohtml/, interdiff > is attached to this message. It adds a NEWS file explaining the > situation. > > Could this issue be considered by the release team

xpdf code security, removal of pdftohtml

2008-01-05 Thread Frederic Peters
Hello, xpdf has a long history of security problems, and got its code duplicated in a lot of packages. All of this has to be tracked by the security team and this is a serious burden. As Moritz wrote: >> the whole xpdf mess is just insane: There's another massive round >> of security issues bei