Bug#291994: marked as done ("Decrypt::makeFileKey2()" Buffer Overflow)

[Debian Bug Tracking System]

Your message dated Mon, 24 Jan 2005 15:20:39 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Jan 2005 13:47:56 +0000
>From [EMAIL PROTECTED] Mon Jan 24 05:47:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.arcert.gov.ar [200.47.53.18] 
        by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
        id 1Ct4ZP-00055e-00; Mon, 24 Jan 2005 05:47:55 -0800
Received: (qmail 6975 invoked from network); 24 Jan 2005 13:47:49 -0000
X-Scanned-By: ArCERT.
Received: from unknown (HELO clementina.arcert.gov.ar) (arcert)
  by mail.arcert.gov.ar with SMTP; 24 Jan 2005 13:47:48 -0000
Subject: "Decrypt::makeFileKey2()" Buffer Overflow
From: Luciano Bello <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Content-Type: text/plain
Date: Mon, 24 Jan 2005 10:46:01 -0300
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.5 required=4.0 tests=BAYES_30,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kpdf
Version: 3.x
Severity: grave
Tags: security sarge sid patch

The version in woody is not affected by this problem.

TITLE:
KDE kpdf "Decrypt::makeFileKey2()" Buffer Overflow

SECUNIA ADVISORY ID:
SA13916

VERIFY ADVISORY:
http://secunia.com/advisories/13916/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
KDE 3.x
http://secunia.com/product/219/

DESCRIPTION:
The vendor has acknowledged a vulnerability in kpdf, which can be
exploited by malicious people to compromise a user's system.

For more information:
SA13903

SOLUTION:
Apply patches.

KDE 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdegraphics-3.diff

KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdegraphics-3.diff

ORIGINAL ADVISORY:
http://www.kde.org/info/security/advisory-20050119-1.txt

OTHER REFERENCES:
SA13903:
http://secunia.com/advisories/13903/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/



---------------------------------------
Received: (at 291994-done) by bugs.debian.org; 24 Jan 2005 14:20:42 +0000
>From [EMAIL PROTECTED] Mon Jan 24 06:20:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 84-120-64-130.onocable.ono.com (chistera.yi.org) [84.120.64.130] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1Ct558-0006Wv-00; Mon, 24 Jan 2005 06:20:42 -0800
Received: from userid 1000 by chistera.yi.org with local (Exim 4.43) 
          id 1Ct555-0007um-N9; Mon, 24 Jan 2005 15:20:39 +0100
Date: Mon, 24 Jan 2005 15:20:39 +0100
From: Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL PROTECTED]>
To: Luciano Bello <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow
Message-ID: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED],
        Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <[EMAIL PROTECTED]>
X-No-CC: Please respect my Mail-Followup-To header
User-Agent: Mutt/1.5.6+20050115i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.8 required=4.0 tests=BAYES_01,FROM_ENDS_IN_NUMS,
        HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

* Luciano Bello [Mon, 24 Jan 2005 10:46:01 -0300]:
> Package: kpdf
> Version: 3.x
> Severity: grave
> Tags: security sarge sid patch

> The version in woody is not affected by this problem.

  The version in sid either, see #291251. Will enter sarge 'soon'.

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Don't be irreplaceable, if you can't be replaced, you can't be promoted.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]