[Secure-testing-team] Re: [Secure-testing-commits] r3297 - data/CVE
Anthony DeRobertis
anthony at derobert.net
Sun Jan 15 16:04:54 UTC 2006
Moritz Muehlenhoff wrote:
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list 2006-01-14 17:00:45 UTC (rev 3296)
> +++ data/CVE/list 2006-01-15 12:03:20 UTC (rev 3297)
> @@ -2826,6 +2826,7 @@
> CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
> {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
> - poppler 0.4.4-1 (bug #346076)
> + - tetex <not-affected> (Links dynamically to poppler)
Are you sure? Neither tetex-bin nor tetex-extra Depends: on libpoppler,
and while I'm not sure which program(s) in TeTex use xpdf code, pdflatex
certainly doesn't link to poppler:
$ ldd `which pdflatex `
libpng12.so.0 => /usr/lib/libpng12.so.0 (0x00002aaaaabc3000)
libz.so.1 => /usr/lib/libz.so.1 (0x00002aaaaace7000)
libkpathsea.so.3 => /usr/lib/libkpathsea.so.3 (0x00002aaaaadfe000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00002aaaaaf12000)
libm.so.6 => /lib/libm.so.6 (0x00002aaaab10f000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00002aaaab295000)
libc.so.6 => /lib/libc.so.6 (0x00002aaaab3a2000)
/lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
$ dpkg -s tetex-bin | grep Version
Version: 2.0.2-31
Possibly, this is true for the version in unstable, but not testing.
More information about the Secure-testing-team
mailing list