kfax includes xpdf code and therefore might be vulnerable to CAN-2004-1125. Please see bug 75191 for details and the patch.
hasn't this already been fixed and GLSA'd?
...or is this a new vulnerability?
A new vulnerability in xpdf that might affect kde. I think koon meant kpdf and not kfax.
kpdf seem to include the vulnerable code and the patch applies cleanly upstream has been notified kde, pls provide an updated ebuild
*** Bug 75301 has been marked as a duplicate of this bug. ***
KDE security advisory published: http://www.kde.org/info/security/advisory-20041223-1.txt
Thx Mathias. Kde please provide an updated ebuild.
updated: kdegraphics-3.2.3-r3, kdegraphics-3.3.2-r1
Thx Caleb. Arches please mark kdegraphics-3.2.3-r3 stable. Handling stable marking of 3.3.2 on bug #72750
Stable on hppa.
kdegraphics-3.3.2-r1 has already been marked stable on amd64 by Dylan.
3.3.2-r1 already stable on alpha.
sparc please mark 3.2.3-r3 and 3.3.2-r1 stable. amd64 please mark 3.2.3-r3 stable if possible or GLSA should get an amd64 specific affected version section.
Stable on amd64
Just letting you know that sparc is looking into this. Been having some problems with kicker crashing on startup that seem to affect both 3.2.3 and 3.3.x. Trying to isolate this.
GLSA 200501-17
Stable on sparc
sparc stable closing with GLSA 200501-17
And now fixed in the right order.