Bug#: 75801
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>

Attachments:
Filename | Type | Creator | Created | Size
xdvizilla.patch | patch | Thierry Carrez (RETIRED) | 2004-12-27 08:12 0000 | 912 bytes
tetex-2.0.2-r5.ebuild | text/plain | MATSUU Takuto | 2005-01-08 05:02 0000 | 975 bytes
ptex-3.1.4-r2.ebuild | text/plain | MATSUU Takuto | 2005-01-08 05:02 0000 | 3.29 KB
cstetex-2.0.2-r1.ebuild | text/plain | MATSUU Takuto | 2005-01-08 06:37 0000 | 1.51 KB
xpdf-CESA-2004-007-xpdf2-newer.diff | patch | MATSUU Takuto | 2005-01-15 23:50 0000 | 2.65 KB
xpdf-goo-sizet.patch | patch | MATSUU Takuto | 2005-01-15 23:51 0000 | 1.39 KB
xpdf2-underflow.patch | patch | MATSUU Takuto | 2005-01-15 23:51 0000 | 2.31 KB
xpdf-3.00pl2-CAN-2004-1125.patch | patch | MATSUU Takuto | 2005-01-15 23:52 0000 | 1.11 KB
tetex-2.0.2-r5.ebuild | text/plain | MATSUU Takuto | 2005-01-15 23:52 0000 | 1.06 KB

Description:   Opened: 2004-12-27 08:11 0000
Tetex includes xpdf code, so it is vulnerable to:
- CAN-2004-0888 and CAN-2004-0889 and 64 bit issues that were found on these
  xpdf2-style patches for these 2 can be found in app-text/pdftohtml files
  xpdf3-style patches for these 2 can be found in gnustep-libs/pdfkit files
- CAN-2004-1125 (see bug 75191)

Tetex also includes tmpfile vulns in "xdvizilla", see attached patch.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-12-27 08:12:12 0000 -------
Created an attachment (id=46970)
xdvizilla.patch

xdvizilla tmpfile vulns patch, ripped from Ubuntu's diff.

------- Comment #2 From Thierry Carrez (RETIRED) 2004-12-28 02:40:04 0000 -------
text-markup team, please apply patches and bump.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-01-01 11:19:17 0000 -------
Mandrake Advisory: MDKSA-2004:166
Ubuntu Security Notice: USN-51-1

text-markup team: please apply patches and bump

------- Comment #4 From Mamoru KOMACHI (RETIRED) 2005-01-01 22:00:53 0000 -------
I don't have time to do this until 17 Jan. Sorry for that.
(It includes several patches and we need to check tetex,
ptex and cstetex)

Could somebody else from text-markup team apply these patches?

------- Comment #5 From Thierry Carrez (RETIRED) 2005-01-07 05:20:15 0000 -------
Mamoru: I tried to ask other text-markup members but it seems only you can
do it :/ If you know someone else please contact him/her and ask for help...
since I didn't have much success asking for help myself.

------- Comment #6 From MATSUU Takuto 2005-01-08 05:02:17 0000 -------
Created an attachment (id=47932)
tetex-2.0.2-r5.ebuild

------- Comment #7 From MATSUU Takuto 2005-01-08 05:02:45 0000 -------
Created an attachment (id=47933)
ptex-3.1.4-r2.ebuild

------- Comment #8 From MATSUU Takuto 2005-01-08 06:37:30 0000 -------
Created an attachment (id=47937)
cstetex-2.0.2-r1.ebuild

------- Comment #9 From Thierry Carrez (RETIRED) 2005-01-10 01:49:02 0000 -------
Matsuu: you're missing the CAN-2004-1125 fix. Something like
app-text/pdftohtml/pdftohtml-xpdf-3.00pl2-CAN-2004-1125.patch should be applied
too.

------- Comment #10 From MATSUU Takuto 2005-01-15 23:50:38 0000 -------
Created an attachment (id=48625)
xpdf-CESA-2004-007-xpdf2-newer.diff

------- Comment #11 From MATSUU Takuto 2005-01-15 23:51:10 0000 -------
Created an attachment (id=48626)
xpdf-goo-sizet.patch

------- Comment #12 From MATSUU Takuto 2005-01-15 23:51:38 0000 -------
Created an attachment (id=48627)
xpdf2-underflow.patch

------- Comment #13 From MATSUU Takuto 2005-01-15 23:52:10 0000 -------
Created an attachment (id=48628)
xpdf-3.00pl2-CAN-2004-1125.patch

------- Comment #14 From MATSUU Takuto 2005-01-15 23:52:38 0000 -------
Created an attachment (id=48629)
tetex-2.0.2-r5.ebuild

------- Comment #15 From Thierry Carrez (RETIRED) 2005-01-19 00:28:49 0000 -------
Matsuu, you should commit new ebuilds in portage, as ~
Please also include xpdf-3.00pl3.patch from bug 77888

------- Comment #16 From Thierry Carrez (RETIRED) 2005-01-19 00:31:49 0000 -------
*** Bug 78251 has been marked as a duplicate of this bug. ***

------- Comment #17 From MATSUU Takuto 2005-01-19 15:16:45 0000 -------
app-text/tetex-2.0.2-r5
app-text/cstetex-2.0.2-r1
app-text/ptex-3.1.4-r2
in cvs

------- Comment #18 From Luke Macken (RETIRED) 2005-01-19 15:47:39 0000 -------
Target KEYWORDS:

app-text/tetex-2.0.2-r5: alpha amd64 arm, hppa, ia64, mips, ppc, ppc64, ppc, macos, s390, sparc, x86
app-text/cstetex-2.0.2-r1: x86
app-text/ptex-3.1.4-r2: alpha, amd64, ppc, sparc, ppc64, ppc-macos, x86

archs, please mark stable.

------- Comment #19 From Luke Macken (RETIRED) 2005-01-19 15:52:23 0000 -------
s/ppc, macos/ppc-macos/

------- Comment #20 From Mike Doty 2005-01-19 18:50:34 0000 -------
app-text/tetex-2.0.2-r5 stable on amd64, I'll have to find someone else to test
ptex

------- Comment #21 From Bryan Østergaard (RETIRED) 2005-01-20 10:03:23 0000 -------
Stable on alpha.

------- Comment #22 From Olivier Crete 2005-01-20 12:11:45 0000 -------
all three done on x86

------- Comment #23 From Markus Rothe 2005-01-20 12:15:38 0000 -------
app-text/ptex-3.1.4-r2 and app-text/tetex-2.0.2-r5 stable on ppc64

------- Comment #24 From Ferris McCormick 2005-01-20 12:26:30 0000 -------
Tetex good for sparc.  Builds, installs, and creates correct output.

I cannot comment on cstetex or ptex, and am leaving them for someone who knows what they are.

------- Comment #25 From Hardave Riar (RETIRED) 2005-01-21 02:38:07 0000 -------
tetex stable on mips.

------- Comment #26 From Danny van Dyk (RETIRED) 2005-01-21 12:49:06 0000 -------
ptex doesn't build for me... :-/

------- Comment #27 From Simon Stelling (RETIRED) 2005-01-21 13:25:18 0000 -------
I can't confirm kugelfang's issue, it works fine here so I marked it stable

------- Comment #28 From Lars Weiler (RETIRED) 2005-01-21 13:42:55 0000 -------
tetex and ptex stable on ppc.

------- Comment #29 From Thierry Carrez (RETIRED) 2005-01-21 14:17:14 0000 -------
We just wait on sparc testing of ptex to issue the GLSA.

------- Comment #30 From Jason Wever (RETIRED) 2005-01-22 13:15:42 0000 -------
ptex stable on sparc

------- Comment #31 From Thierry Carrez (RETIRED) 2005-01-23 04:19:13 0000 -------
GLSA 200501-31
arm, hppa, ia64, ppc-macos, s390: please mark those stable to benefit from GLSA

------- Comment #32 From René Nussbaumer 2005-06-26 05:24:19 0000 -------
Already stable on hppa
