[tex-live] Recent poppler vulnerabilities?

Norbert Preining preining at logic.at
Sat Oct 24 14:16:10 CEST 2009


On Sa, 24 Okt 2009, Alexander Cherepanov wrote:
> Fixed version is Poppler 0.12.1, released on Oct 18, 2009.

Might be interesting, but the source code in TL does not support
poppler >> 0.10. They (poppler people) again changed API and removed
some functions, so patches are necessary.

Ubuntu people have patches for TL ready, and I have included in my
preliminary TL2009 packages for Debian.

In due time I will update the files in TL with the respective #if to get 
it working with poppler 0.12.

OTOH, most CVE are not really a problem for the tex programs itself, more
for the viewers, so maybe TW could actually profit from it.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining                                        Associate Professor
JAIST Japan Advanced Institute of Science and Technology   preining at jaist.ac.jp
Vienna University of Technology                               preining at logic.at
Debian Developer (Debian TeX Task Force)                    preining at debian.org
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TOTTERIDGE (n.)
The ridiculous two-inch hunch that people adopt when arriving late for
the theatre in the vain and futile hope that it will minimise either
the embarrassment of the lack of visibility for the rest of the
audience. c.f. hickling.
			--- Douglas Adams, The Meaning of Liff


More information about the tex-live mailing list