On Sat, 2017-03-04 at 16:50 -0700, Sean Whitton wrote: > On Sat, Mar 04, 2017 at 11:13:53PM +0100, Svante Signell wrote: > > OK, including the real upstream tarball solves that issue, right? > > It wouldn't, since the sources of hello.pdf are not included in that > tarball (apparently).
On the contrary, they are present in the upstream tarball, but not in the debian *.orig* version. > > (Sorry, I don't really see the problem with me wanting to adopt the > > (real) xpdf package?) > > The security issues that I have raised. Which security issues? Please let me know (links please), so I can check them out. I really do take this seriously. On the other hand, are there any security issues with libpoppler known?