Debian Bug report logs - #303288
tetex-bin: CAN-2005-0064 fix was incomplete


Package: tetex-bin; Maintainer for tetex-bin is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 5 Apr 2005 20:18:01 UTC

Severity: grave

Tags: patch, security

Found in version 2.0.2-27

Done: Moritz Muehlenhoff <jmm@inutil.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, teTeX maintainers <debian-tetex-maint@lists.debian.org>:
Bug#303288; Package tetex-bin.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to teTeX maintainers <debian-tetex-maint@lists.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tetex-bin: CAN-2005-0064 fix was incomplete
Date: Tue, 05 Apr 2005 22:06:04 +0200
Package: tetex-bin
Version: 2.0.2-27
Severity: grave
Tags: security patch
Justification: user security hole

Dear TeX maintainers,
the patch you used to fix CAN-2005-0064 in -26 seems to have been derived from
xpdf 3.00-12, which unfortunately was missing a portion of the security fix
(the one that is referenced as xpdf 3.00pl3 at the xpdf website; this has been
fixed in xpdf 3.00-13). The attached patch provides the necessary fix for the
tetex-bin package.

Cheers,
        Moritz


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages tetex-bin depends on:
ii  debconf              1.4.47              Debian configuration management sy
ii  debianutils          2.13.2              Miscellaneous utilities specific t
ii  dpkg                 1.10.27             Package maintenance system for Deb
ii  ed                   0.2-20              The classic unix line editor
ii  libc6                2.3.2.ds1-20        GNU C Library: Shared libraries an
ii  libgcc1              1:4.0-0pre2         GCC support library
ii  libice6              4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii  libkpathsea3         2.0.2-27            path search library for teTeX (run
ii  libpaper1            1.1.14-3            Library for handling paper charact
ii  libpng12-0           1.2.8rel-1          PNG library - runtime
ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii  libstdc++5           1:3.3.5-12          The GNU Standard C++ Library v3
ii  libt1-5              5.0.2-3             Type 1 font rasterizer library - r
ii  libwww0              5.4.0-9             The W3C WWW library
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii  libxaw7              4.3.0.dfsg.1-12.0.1 X Athena widget set library
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii  libxmu6              4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii  libxt6               4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii  mime-support         3.31-1              MIME files 'mime.types' & 'mailcap
ii  perl                 5.8.4-8             Larry Wall's Practical Extraction 
ii  sed                  4.1.4-2             The GNU sed stream editor
ii  tetex-base           2.0.2c-7            Basic library files of teTeX
ii  ucf                  1.17                Update Configuration File: preserv
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- debconf information excluded
[tetex-bin-CAN-2005-0064-missing-check.diff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, teTeX maintainers <debian-tetex-maint@lists.debian.org>:
Bug#303288; Package tetex-bin.


Acknowledgement sent to Martin Pitt <martin@piware.de>:
Extra info received and forwarded to list. Copy sent to teTeX maintainers <debian-tetex-maint@lists.debian.org>.


Message #10 received at 303288@bugs.debian.org:

From: Martin Pitt <martin@piware.de>
To: 303288@bugs.debian.org
Subject: Re: tetex-bin: CAN-2005-0064 fix was incomplete
Date: Wed, 6 Apr 2005 14:31:40 +0200
Hi!

tetex-bin is not affected by the keyLength patch, since encryption is
disabled in tetex-bin and the relevant part of XRef.cc is not even
compiled.

Please close this bug.

Thanks,

Martin

-- 
Martin Pitt               http://www.piware.de
Ubuntu Developer    http://www.ubuntulinux.org
Debian Developer         http://www.debian.org

Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.


Message #15 received at 303288-done@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 303288-done@bugs.debian.org
Subject: I missed the missing encryption support
Date: Wed, 6 Apr 2005 16:32:33 +0200
Hi,
I missed that. I'm closing the bug.

Cheers,
        Moritz





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Oct 21 03:34:14 2021; Machine Name: bembo
