Gentoo Full Text Bug Listing

Bug 156573 - app-text/evince bundles vulnerable gv?

Bug#: 156573	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: Linux	Status: RESOLVED	Severity: normal	Priority: P2
Resolution: FIXED	Assigned To: security@gentoo.org	Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: http://www.securityfocus.com/archive/1/452868/30/0/
Summary: app-text/evince bundles vulnerable gv?
Keywords:
Status Whiteboard: B2 [glsa] DerCorny
Opened: 2006-11-28 21:57 0000

Description:

Opened: 2006-11-28 21:57 0000

Seems like evince is affected by GLSA 200611-20. Any other packages bundling
gv?

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-11-29 03:31:59 0000 -------

confirmed that it is possible to overwrite the EIP. I'll attach a patch that
fixed the problem for me. somebody should doubletest, just to make sure that i
didnt mess up.there is another app called "ggv" that might bundle gv code, but
not checked yet.

------- Comment #2 From Stefan Cornelius (RETIRED) 2006-11-29 03:33:44 0000 -------

Created an attachment (id=102972) [details]
Proposed patch, based on the gv patch. for version 0.6.1

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-12-01 01:35:16 0000 -------

upstream patch:

http://cvs.gnome.org/viewcvs/evince/ps/ps.c?r1=1.6&r2=1.6.6.1&makepatch=1&diff_format=h

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-03-25 10:56:36 0000 -------

Gnome please advise.

------- Comment #5 From Daniel Gryniewicz 2007-03-26 19:58:08 0000 -------

Okay, I've added 0.6.1-rc3 to the tree with this fix.

Arches:  Literally the only change was to the postscript backend.  You should
only need to test .ps files.

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-03-27 06:31:08 0000 -------

Thx Daniel.

Arches please test and mark stable. Target keywords are:

evince-0.6.1-r3.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"

------- Comment #7 From Christian Faulhammer 2007-03-27 07:01:07 0000 -------

x86 stable

------- Comment #8 From Gustavo Zacarias (RETIRED) 2007-03-27 13:49:29 0000 -------

sparc stable.

------- Comment #9 From Jeroen Roovers 2007-03-27 14:43:11 0000 -------

Stable for HPPA.

------- Comment #10 From Chris Gianelloni (RETIRED) 2007-03-27 18:39:10 0000 -------

alpha/amd64/ia64 done

------- Comment #11 From Tobias Scherbaum 2007-03-27 19:07:33 0000 -------

ppc stable

------- Comment #12 From Markus Rothe 2007-03-29 14:45:31 0000 -------

ppc64 stable

------- Comment #13 From Raphael Marichez 2007-04-06 23:22:19 0000 -------

GLSA 200704-06, thanks to everybody