Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 188169 - media-libs/libextractor should make sure not to compile vulnerable xpdf code
Summary: media-libs/libextractor should make sure not to compile vulnerable xpdf code
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo net-p2p team
URL: http://secunia.com/advisories/26342/
Whiteboard:
Keywords:
: 192636 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-08-08 20:10 UTC by Matt Fleming (RETIRED)
Modified: 2007-09-16 19:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Fleming (RETIRED) gentoo-dev 2007-08-08 20:10:07 UTC 
libextractor uses vulnerable xpdf code and needs updating.

see, https://bugs.gentoo.org/show_bug.cgi?id=187139
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-08-08 20:12:18 UTC 
CC'ing maintainer and setting whiteboard status
Comment 2 Matt Fleming (RETIRED) gentoo-dev 2007-08-08 20:27:34 UTC 
See bug 185225 for a patch for the xpdf code.
Comment 3 Matt Fleming (RETIRED) gentoo-dev 2007-08-08 21:18:56 UTC 
Adding CVE number
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-09-13 13:29:28 UTC 
This is not an issue. Since 0.5.12 libextractor is shipping its own PDF support and at least in 0.5.15 it is also enabled by default:
  checking whether to enable xpdf-based extractor... no

net-p2p, could you please make sure this setting is forced in case the defaults change - by adding --disable-xpdf to configure?

Thanks.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-09-13 13:31:39 UTC 
Reassigning to maintainers.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2007-09-16 04:16:54 UTC 
*** Bug 192636 has been marked as a duplicate of this bug. ***
Comment 7 Santiago M. Mola (RETIRED) gentoo-dev 2007-09-16 19:54:26 UTC 
--disable-xpdf added. Thanks Matt and Robert.