[NTG-pdftex] 1.30.7?

George N. White III aa056 at chebucto.ns.ca
Thu Jun 29 22:45:44 CEST 2006


On 6/29/06, Frank Küster <frank at debian.org> wrote:

> >> the libpng-version we use has a security problem which is fixed in a
>
> I think they are treated as a security issue if they allow a DoS attack
> or executing malicious code etc.  It doesn't sound friendlier to me at
> all.  A normal bug should be fixed, yes; but it doesn't make sense to
> backport all fixes for bugs found so far into a stable release.  If it's
> a security issue, it generally makes sense.
>
> In this particular case, I don't know about the impact of the problem,
> and I personally don't care since we (Debian) compile
> --with-system-pnglib and therefore get the update automatically.

Most Linux distributions will compile using "--with-system-pnglib" anyway.
In Fedora Core 4 I see:

$ ldd /usr/bin/pdfetex | grep libpng
libpng12.so.0 => /usr/lib/libpng12.so.0

People who need to worry about security shouldn't rely on the pdftex
developers to provide new binaries.

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
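
An added example, not part of the original message: a script that generalizes the ldd check above to report whether a binary uses the system libpng (updated by the distribution) or carries its own copy (updated only by rebuilding). The function names are hypothetical, and it assumes a bundled libpng leaves its "libpng version X.Y.Z" banner string in the executable.

```shell
#!/bin/sh
# Added example: report how each binary named on the command line gets libpng.
# Assumption: a statically bundled libpng leaves its "libpng version X.Y.Z"
# banner string in the executable; a stripped or compressed binary may not.

# Read `ldd` output on stdin; print the resolved libpng path, if any.
# Exit status is non-zero when no libpng line is present.
system_png_from_ldd() {
    awk '$1 ~ /^libpng/ && $2 == "=>" { print $3; found = 1; exit }
         END { exit !found }'
}

# Print the version of a libpng copy embedded in file $1, if any.
bundled_png_version() {
    LC_ALL=C grep -a -o 'libpng version [0-9][0-9.]*' "$1" 2>/dev/null |
        awk 'NR == 1 { print $3; found = 1 } END { exit !found }'
}

# Classify binary $1 as system:<path>, bundled:<version>, or none.
png_linkage() {
    bin=$1
    if lib=$(ldd "$bin" 2>/dev/null | system_png_from_ldd); then
        # Shared library: fixed by the distribution's libpng update.
        echo "system:$lib"
    elif ver=$(bundled_png_version "$bin"); then
        # Embedded copy: fixed only by rebuilding or replacing the binary.
        echo "bundled:$ver"
    else
        echo "none"
    fi
}

# Audit every path given on the command line (only run ldd on trusted files).
for f in "$@"; do
    printf '%s\t%s\n' "$f" "$(png_linkage "$f")"
done
```

Run it as, for instance, `sh png-linkage.sh /usr/bin/pdfetex` (the script file name is arbitrary); a "bundled" result means the binary does not pick up the system library's security update.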

