*** This bug has been split off bug 145049 *** ------- Original comment by Josh Bressers (Security Response Team) on 2005.01.13 17:30 ------- iDEFENSE has reported a stack based buffer overflow in xpdf. The patch is here: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch The iDEFENSE advisory is attachment 109745 [details] I don't know if this issue will affect the RHEL2.1 tetex.
Jindrich, We're going to want to roll new packages for RHSA-2005:006
The patch URL does not yet work. We don't have a patch from upstream yet. I'll update the bugs as soon as I know.
Now public, see URL for patch, removing embargo
RHEL-3 version of tetex is unaffected by this issue since it lacks implementation of Decrypt::makeFileKey2() method and Decrypt::makeFileKey() is safe in Decrypt.cc.