taco at elvenkind.com
Thu Jun 29 20:23:05 CEST 2006
Frank Küster wrote:
> I think they are treated as a security issue if they allow a DoS attack
> or executing malicious code etc. It doesn't sound friendlier to me at
> all. A normal bug should be fixed, yes; but it doesn't make sense to
> backport all fixes for bugs found so far into a stable release. If it's
> a security issue, it generally makes sense.
In the case of pdftex, I would be more worried about real bugs.
The chance of a malicious PNG image accidentally appearing in a
document that will be processed by pdftex is very low. OTOH, the
chance of a pdfTeX user hitting one of the 'normal' bugs and
thereby suffering actual consequences (missed deadlines, lost
assignments, discouraged clients) are probably a whole lot higher.
If there is a new version, it should be integrated regardless.
More information about the ntg-pdftex