Bug 75204 - kde-base/kdegraphics: kpdf Buffer Overflow Vulnerability
Summary: kde-base/kdegraphics: kpdf Buffer Overflow Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://www.kde.org/info/security/advi...
Whiteboard: A2 [glsa] jaervosz
Keywords:
Duplicates: 75301
Depends on: 72750
Blocks:
Reported: 2004-12-21 09:10 UTC by Thierry Carrez (RETIRED)
Modified: 2005-01-11 22:41 UTC (History)
Description Thierry Carrez (RETIRED) gentoo-dev 2004-12-21 09:10:25 UTC
kfax includes xpdf code and therefore might be vulnerable to CAN-2004-1125.
Please see bug 75191 for details and the patch.
Comment 1 Caleb Tennis (RETIRED) gentoo-dev 2004-12-21 09:44:32 UTC
Hasn't this already been fixed and GLSA'd?
Comment 2 Caleb Tennis (RETIRED) gentoo-dev 2004-12-21 09:46:01 UTC
...or is this a new vulnerability?
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-21 09:49:24 UTC
A new vulnerability in xpdf that might affect kde. I think koon meant kpdf and not kfax.
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2004-12-21 12:56:27 UTC
kpdf seems to include the vulnerable code and the patch applies cleanly.
Upstream has been notified.

kde, pls provide an updated ebuild.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-12-22 08:16:24 UTC
*** Bug 75301 has been marked as a duplicate of this bug. ***
Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2004-12-23 03:29:01 UTC
KDE security advisory published:
http://www.kde.org/info/security/advisory-20041223-1.txt
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-23 03:40:18 UTC
Thx Matthias. KDE, please provide an updated ebuild.
Comment 8 Caleb Tennis (RETIRED) gentoo-dev 2004-12-27 07:22:51 UTC
updated: kdegraphics-3.2.3-r3, kdegraphics-3.3.2-r1
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-27 10:34:50 UTC
Thx Caleb.

Arches, please mark kdegraphics-3.2.3-r3 stable. Handling stable marking of 3.3.2 on bug #72750.
Comment 10 Guy Martin (RETIRED) gentoo-dev 2005-01-03 16:50:19 UTC
Stable on hppa.
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-01-03 19:53:03 UTC
kdegraphics-3.3.2-r1 has already been marked stable on amd64 by Dylan.
Comment 12 Bryan Østergaard (RETIRED) gentoo-dev 2005-01-05 10:11:10 UTC
3.3.2-r1 already stable on alpha.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-06 11:43:13 UTC
sparc, please mark 3.2.3-r3 and 3.3.2-r1 stable.
amd64, please mark 3.2.3-r3 stable if possible, or the GLSA should get an amd64-specific affected version section.
Comment 14 Karol Wojtaszek (RETIRED) gentoo-dev 2005-01-06 14:40:50 UTC
Stable on amd64
Comment 15 Jason Wever (RETIRED) gentoo-dev 2005-01-09 09:12:13 UTC
Just letting you know that sparc is looking into this. Been having some problems with kicker crashing on startup that seem to affect both 3.2.3 and 3.3.x. Trying to isolate this.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-11 05:32:11 UTC
GLSA 200501-17
Comment 17 Jason Wever (RETIRED) gentoo-dev 2005-01-11 19:51:31 UTC
Stable on sparc
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-11 22:35:09 UTC
sparc stable, closing with GLSA 200501-17.
Comment 19 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-11 22:41:20 UTC
And now fixed in the right order.