[NTG-pdftex] 1.30.7?

Taco Hoekwater taco at elvenkind.com
Thu Jun 29 20:23:05 CEST 2006


Frank Küster wrote:
> 
> I think they are treated as a security issue if they allow a DoS attack
> or executing malicious code etc.  It doesn't sound friendlier to me at
> all.  A normal bug should be fixed, yes; but it doesn't make sense to
> backport all fixes for bugs found so far into a stable release.  If it's
> a security issue, it generally makes sense.

In the case of pdftex, I would be more worried about real bugs.

The chance of a malicious PNG image accidentally appearing in a
document that will be processed by pdftex is very low. OTOH, the
chance of a pdfTeX user hitting one of the 'normal' bugs and
thereby suffering actual consequences (missed deadlines, lost
assignments, discouraged clients) are probably a whole lot higher.

If there is a new version, it should be integrated regardless.

Taco


More information about the ntg-pdftex mailing list