Frank Küster wrote:
I think they are treated as a security issue if they allow a DoS attack or executing malicious code etc. It doesn't sound friendlier to me at all. A normal bug should be fixed, yes; but it doesn't make sense to backport all fixes for bugs found so far into a stable release. If it's a security issue, it generally makes sense.
In the case of pdftex, I would be more worried about real bugs. The chance of a malicious PNG image accidentally appearing in a document that will be processed by pdftex is very low. OTOH, the chance of a pdfTeX user hitting one of the 'normal' bugs and thereby suffering actual consequences (missed deadlines, lost assignments, discouraged clients) are probably a whole lot higher. If there is a new version, it should be integrated regardless. Taco