Bug 118665

Summary:	media-libs/libextractor possibly includes vulnerable Xpdf code
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	net-p2p
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.debian.org/security/2006/dsa-936
Whiteboard:	B2 [glsa] jaervosz
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-11 07:28:30 UTC

Could be affected by:

Bug #117481
GLSA 200512-08
GLSA 200508-08
GLSA 200501-28
GLSA 200412-24
GLSA 200410-20

net-p2p please advise.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-16 14:48:15 UTC

Please provide an updated ebuild.

[23:40:05] <@mkay> jaervosz: yep - libextractor is affected

Comment 2 Marcin Kryczek (RETIRED) gentoo-dev

2006-01-16 15:08:39 UTC

i've just added 0.5.9 (which is unaffected by this problem) to cvs. please mark stable

Comment 3 Marcin Kryczek (RETIRED) gentoo-dev

2006-01-16 15:30:32 UTC

stable on x86

Comment 4 Jason Wever (RETIRED) gentoo-dev

2006-01-16 18:31:35 UTC

SPARC'd

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-16 22:48:58 UTC

Thx, this one is ready for GLSA. Perhaps we should bundle it with some of the other xpdf issues?

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2006-01-18 00:57:10 UTC

Yes, I would bundle it with pdftohtml and/or tetex (those which didn't get an advisory in December) as the description of those should include the two issues.

Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-30 14:39:28 UTC

GLSA 200601-17