Your message dated Thu, 27 Sep 2007 10:47:16 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443906: fixed in xpdf 3.02-1.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: xpdf
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf.
CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpU9P3VYhp9z.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-1.2
We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:
xpdf-common_3.02-1.2_all.deb
to pool/main/x/xpdf/xpdf-common_3.02-1.2_all.deb
xpdf-reader_3.02-1.2_i386.deb
to pool/main/x/xpdf/xpdf-reader_3.02-1.2_i386.deb
xpdf-utils_3.02-1.2_i386.deb
to pool/main/x/xpdf/xpdf-utils_3.02-1.2_i386.deb
xpdf_3.02-1.2.diff.gz
to pool/main/x/xpdf/xpdf_3.02-1.2.diff.gz
xpdf_3.02-1.2.dsc
to pool/main/x/xpdf/xpdf_3.02-1.2.dsc
xpdf_3.02-1.2_all.deb
to pool/main/x/xpdf/xpdf_3.02-1.2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated xpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 27 Sep 2007 12:05:46 +0200
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.02-1.2
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
xpdf - Portable Document Format (PDF) suite
xpdf-common - Portable Document Format (PDF) suite -- common files
xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 443906
Changes:
xpdf (3.02-1.2) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Removed post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch and
created fix-CVE-2007-3387_CVE-2007-5049.dpatch to have a fix
for CVE-2007-3387 and a buffer overflow in GetNextLine()
(CVE-2007-5049) since they are related (Closes: #443906).
Files:
50c13160501a01e8555609e16d001858 872 text optional xpdf_3.02-1.2.dsc
45b886c40fd8ab8ea3be692623eab692 33071 text optional xpdf_3.02-1.2.diff.gz
89a860e937c9a9da201310ddb2443d47 1264 text optional xpdf_3.02-1.2_all.deb
51f888e60024b3cd39017abb1d806858 65176 text optional
xpdf-common_3.02-1.2_all.deb
0a34f94517da8ceb7a8c43972339d413 862770 text optional
xpdf-reader_3.02-1.2_i386.deb
fd10215b671d194f813fd0aced787dcf 1584826 text optional
xpdf-utils_3.02-1.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG+4ivHYflSXNkfP8RAhGZAJ9FbAn791zEIomWADbeJBenkD+WzQCeN4ir
3CuL2Etdm9AnAjHIeFfJq3w=
=VTfb
-----END PGP SIGNATURE-----
--- End Message ---