Your message dated Thu, 27 Sep 2007 10:47:16 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443906: fixed in xpdf 3.02-1.2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: xpdf
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf.

CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpU9P3VYhp9z.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: xpdf
Source-Version: 3.02-1.2

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

xpdf-common_3.02-1.2_all.deb
  to pool/main/x/xpdf/xpdf-common_3.02-1.2_all.deb
xpdf-reader_3.02-1.2_i386.deb
  to pool/main/x/xpdf/xpdf-reader_3.02-1.2_i386.deb
xpdf-utils_3.02-1.2_i386.deb
  to pool/main/x/xpdf/xpdf-utils_3.02-1.2_i386.deb
xpdf_3.02-1.2.diff.gz
  to pool/main/x/xpdf/xpdf_3.02-1.2.diff.gz
xpdf_3.02-1.2.dsc
  to pool/main/x/xpdf/xpdf_3.02-1.2.dsc
xpdf_3.02-1.2_all.deb
  to pool/main/x/xpdf/xpdf_3.02-1.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 27 Sep 2007 12:05:46 +0200
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.02-1.2
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 443906
Changes: 
 xpdf (3.02-1.2) unstable; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Removed post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch and
     created fix-CVE-2007-3387_CVE-2007-5049.dpatch to have a fix
     for CVE-2007-3387 and a buffer overflow in GetNextLine()
     (CVE-2007-5049) since they are related (Closes: #443906).
Files: 
 50c13160501a01e8555609e16d001858 872 text optional xpdf_3.02-1.2.dsc
 45b886c40fd8ab8ea3be692623eab692 33071 text optional xpdf_3.02-1.2.diff.gz
 89a860e937c9a9da201310ddb2443d47 1264 text optional xpdf_3.02-1.2_all.deb
 51f888e60024b3cd39017abb1d806858 65176 text optional 
xpdf-common_3.02-1.2_all.deb
 0a34f94517da8ceb7a8c43972339d413 862770 text optional 
xpdf-reader_3.02-1.2_i386.deb
 fd10215b671d194f813fd0aced787dcf 1584826 text optional 
xpdf-utils_3.02-1.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG+4ivHYflSXNkfP8RAhGZAJ9FbAn791zEIomWADbeJBenkD+WzQCeN4ir
3CuL2Etdm9AnAjHIeFfJq3w=
=VTfb
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to