Bug#: 78620
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Attachments:
Filename: post-1.3.5-koffice.diff | Description: Patch | Type: patch | Creator: Caleb Tennis | Created: 2005-01-20 09:51 0000 | Size: 730 bytes

Description:   Opened: 2005-01-18 22:19 0000
koffice includes xpdf code and therefore might be vulnerable to CAN-2005-0064.
Please see bug 77888 for details.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-01-19 00:54:15 0000 -------
KDE team, please bump koffice. Upstream patch is available on bug #77888.

------- Comment #2 From Carsten Lohrke 2005-01-19 04:42:59 0000 -------
<<< koffice-1.3.5-r2.ebuild

herds, please mark stable - would be nice to have it in 2005.0

------- Comment #3 From Caleb Tennis 2005-01-20 09:51:22 0000 -------
Created an attachment (id=49045)
Patch

According to an email from Waldo Bastian, this is the preferred fix for
koffice's xpdf problem.

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-01-20 10:07:03 0000 -------
Back to ebuild. KDE, please decide which patch you want to use.

------- Comment #5 From Carsten Lohrke 2005-01-20 10:11:27 0000 -------
"Both patches fix the same issue. The koffice patch doesn't seem to handle the 
keyLength == 0 case though. The koffice patch is the patch that went into 
xpdf upstream."

is exactly what he said. The question is whether we need to revise the patch for that reason. If it doesn't matter from the functionality and security perspective, it would only be an issue if we have another problem which needs to be patched. Also, this affects all ebuilds which apply the CAN-2005-0064.patch, not only koffice.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-01-20 10:28:41 0000 -------
Thx Carsten, that will be your headache on the next xpdf vulnerability :-)

Arches please test and mark stable.

------- Comment #7 From Markus Rothe 2005-01-20 11:30:12 0000 -------
stable on ppc64

------- Comment #8 From Karol Wojtaszek (RETIRED) 2005-01-20 15:06:40 0000 -------
amd64 done

------- Comment #9 From Michael Hanselmann (hansmi) (RETIRED) 2005-01-21 12:38:21 0000 -------
Stable on ppc.

------- Comment #10 From Gustavo Zacarias (RETIRED) 2005-01-21 12:40:06 0000 -------
sparc stable.

------- Comment #11 From Bryan Østergaard (RETIRED) 2005-01-21 12:51:05 0000 -------
Stable on alpha.

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-01-22 13:44:29 0000 -------
*** Bug 79135 has been marked as a duplicate of this bug. ***

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-01-23 06:07:24 0000 -------
GLSA 200501-32
